curben
/
pup-filter
mirror of https://gitlab.com/malware-filter/pup-filter.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter updated: Thu, 16 Sep 2021 12:03:17 +0000

This commit is contained in:
curben-bot 2021-09-16 12:03:17 +00:00
parent 4ec7c84700
commit 13d3b1da16
15 changed files with 598 additions and 553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
dist/pup-filter-ag.txt vendored
View File

@ -1,13 +1,13 @@
! Title: PUP Domains Blocklist (AdGuard)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 16 Sep 2021 00:02:56 +0000
! Updated: Thu, 16 Sep 2021 12:03:17 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
! Source: https://github.com/zhouhanc/malware-discoverer
||2021travel.net$all
||4upgradingstablesafe.work$all
||affiliateland.io$all
||aikoo.club$all
||amobil.online$all
||appzfirer.biz$all
||armorprovpn.me$all
@ -188,6 +188,7 @@
||medicreed.club$all
||meeryslotspin.xyz$all
||melanthios-ana.com$all
||mindmatch.ai$all
||mobileluckywinner.site$all
||money-hero.org$all
||movievod.me$all
@ -198,6 +199,7 @@
||nettrafficpartners.net$all
||newbuy.xyz$all
||newsinformer.net$all
||newstop.life$all
||offerpage.link$all
||offersearch.info$all
||official-bigwin-national-free.cyou$all
@ -237,6 +239,7 @@
||quantum.work$all
||quatrefeuillepolonaise.xyz$all
||quickdeals.online$all
||quizshein.shop$all
||rancy.xyz$all
||random-prize-bigwin-official.cyou$all
||randomprizebigwinofficial.cyou$all
@ -252,6 +255,7 @@
||search4theupgradeset.info$all
||search4upgradingset.info$all
||searchmgr.online$all
||seasoned.co$all
||securitevpn.me$all
||securityvpnpro.me$all
||sergey-tracks.xyz$all
@ -330,7 +334,6 @@
||usepro.me$all
||useprovpn.me$all
||usevpnpro.me$all
||vpn1aprotectplus.com$all
||vpnprosecurity.me$all
||vpnsecurity.me$all
||vpnservice.me$all

9
dist/pup-filter-agh.txt vendored
View File

@ -1,13 +1,13 @@
! Title: PUP Domains Blocklist (AdGuard Home)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 16 Sep 2021 00:02:56 +0000
! Updated: Thu, 16 Sep 2021 12:03:17 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
! Source: https://github.com/zhouhanc/malware-discoverer
||2021travel.net^
||4upgradingstablesafe.work^
||affiliateland.io^
||aikoo.club^
||amobil.online^
||appzfirer.biz^
||armorprovpn.me^
@ -188,6 +188,7 @@
||medicreed.club^
||meeryslotspin.xyz^
||melanthios-ana.com^
||mindmatch.ai^
||mobileluckywinner.site^
||money-hero.org^
||movievod.me^
@ -198,6 +199,7 @@
||nettrafficpartners.net^
||newbuy.xyz^
||newsinformer.net^
||newstop.life^
||offerpage.link^
||offersearch.info^
||official-bigwin-national-free.cyou^
@ -237,6 +239,7 @@
||quantum.work^
||quatrefeuillepolonaise.xyz^
||quickdeals.online^
||quizshein.shop^
||rancy.xyz^
||random-prize-bigwin-official.cyou^
||randomprizebigwinofficial.cyou^
@ -252,6 +255,7 @@
||search4theupgradeset.info^
||search4upgradingset.info^
||searchmgr.online^
||seasoned.co^
||securitevpn.me^
||securityvpnpro.me^
||sergey-tracks.xyz^
@ -330,7 +334,6 @@
||usepro.me^
||useprovpn.me^
||usevpnpro.me^
||vpn1aprotectplus.com^
||vpnprosecurity.me^
||vpnsecurity.me^
||vpnservice.me^

9
dist/pup-filter-bind.conf vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Domains BIND Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
zone "2021travel.net" { type master; notify no; file "null.zone.file"; };
zone "4upgradingstablesafe.work" { type master; notify no; file "null.zone.file"; };
zone "affiliateland.io" { type master; notify no; file "null.zone.file"; };
zone "aikoo.club" { type master; notify no; file "null.zone.file"; };
zone "amobil.online" { type master; notify no; file "null.zone.file"; };
zone "appzfirer.biz" { type master; notify no; file "null.zone.file"; };
zone "armorprovpn.me" { type master; notify no; file "null.zone.file"; };
@ -188,6 +188,7 @@ zone "mediaevent.uno" { type master; notify no; file "null.zone.file"; };
zone "medicreed.club" { type master; notify no; file "null.zone.file"; };
zone "meeryslotspin.xyz" { type master; notify no; file "null.zone.file"; };
zone "melanthios-ana.com" { type master; notify no; file "null.zone.file"; };
zone "mindmatch.ai" { type master; notify no; file "null.zone.file"; };
zone "mobileluckywinner.site" { type master; notify no; file "null.zone.file"; };
zone "money-hero.org" { type master; notify no; file "null.zone.file"; };
zone "movievod.me" { type master; notify no; file "null.zone.file"; };
@ -198,6 +199,7 @@ zone "naughtygirlsshowall.live" { type master; notify no; file "null.zone.file";
zone "nettrafficpartners.net" { type master; notify no; file "null.zone.file"; };
zone "newbuy.xyz" { type master; notify no; file "null.zone.file"; };
zone "newsinformer.net" { type master; notify no; file "null.zone.file"; };
zone "newstop.life" { type master; notify no; file "null.zone.file"; };
zone "offerpage.link" { type master; notify no; file "null.zone.file"; };
zone "offersearch.info" { type master; notify no; file "null.zone.file"; };
zone "official-bigwin-national-free.cyou" { type master; notify no; file "null.zone.file"; };
@ -237,6 +239,7 @@ zone "prtctapp.me" { type master; notify no; file "null.zone.file"; };
zone "quantum.work" { type master; notify no; file "null.zone.file"; };
zone "quatrefeuillepolonaise.xyz" { type master; notify no; file "null.zone.file"; };
zone "quickdeals.online" { type master; notify no; file "null.zone.file"; };
zone "quizshein.shop" { type master; notify no; file "null.zone.file"; };
zone "rancy.xyz" { type master; notify no; file "null.zone.file"; };
zone "random-prize-bigwin-official.cyou" { type master; notify no; file "null.zone.file"; };
zone "randomprizebigwinofficial.cyou" { type master; notify no; file "null.zone.file"; };
@ -252,6 +255,7 @@ zone "search4theupdatefree.work" { type master; notify no; file "null.zone.file"
zone "search4theupgradeset.info" { type master; notify no; file "null.zone.file"; };
zone "search4upgradingset.info" { type master; notify no; file "null.zone.file"; };
zone "searchmgr.online" { type master; notify no; file "null.zone.file"; };
zone "seasoned.co" { type master; notify no; file "null.zone.file"; };
zone "securitevpn.me" { type master; notify no; file "null.zone.file"; };
zone "securityvpnpro.me" { type master; notify no; file "null.zone.file"; };
zone "sergey-tracks.xyz" { type master; notify no; file "null.zone.file"; };
@ -330,7 +334,6 @@ zone "upplaysite.xyz" { type master; notify no; file "null.zone.file"; };
zone "usepro.me" { type master; notify no; file "null.zone.file"; };
zone "useprovpn.me" { type master; notify no; file "null.zone.file"; };
zone "usevpnpro.me" { type master; notify no; file "null.zone.file"; };
zone "vpn1aprotectplus.com" { type master; notify no; file "null.zone.file"; };
zone "vpnprosecurity.me" { type master; notify no; file "null.zone.file"; };
zone "vpnsecurity.me" { type master; notify no; file "null.zone.file"; };
zone "vpnservice.me" { type master; notify no; file "null.zone.file"; };

9
dist/pup-filter-dnscrypt-blocked-names.txt vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Names Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
2021travel.net
4upgradingstablesafe.work
affiliateland.io
aikoo.club
amobil.online
appzfirer.biz
armorprovpn.me
@ -188,6 +188,7 @@ mediaevent.uno
medicreed.club
meeryslotspin.xyz
melanthios-ana.com
mindmatch.ai
mobileluckywinner.site
money-hero.org
movievod.me
@ -198,6 +199,7 @@ naughtygirlsshowall.live
nettrafficpartners.net
newbuy.xyz
newsinformer.net
newstop.life
offerpage.link
offersearch.info
official-bigwin-national-free.cyou
@ -237,6 +239,7 @@ prtctapp.me
quantum.work
quatrefeuillepolonaise.xyz
quickdeals.online
quizshein.shop
rancy.xyz
random-prize-bigwin-official.cyou
randomprizebigwinofficial.cyou
@ -252,6 +255,7 @@ search4theupdatefree.work
search4theupgradeset.info
search4upgradingset.info
searchmgr.online
seasoned.co
securitevpn.me
securityvpnpro.me
sergey-tracks.xyz
@ -330,7 +334,6 @@ upplaysite.xyz
usepro.me
useprovpn.me
usevpnpro.me
vpn1aprotectplus.com
vpnprosecurity.me
vpnsecurity.me
vpnservice.me

9
dist/pup-filter-dnsmasq.conf vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Domains dnsmasq Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
address=/2021travel.net/0.0.0.0
address=/4upgradingstablesafe.work/0.0.0.0
address=/affiliateland.io/0.0.0.0
address=/aikoo.club/0.0.0.0
address=/amobil.online/0.0.0.0
address=/appzfirer.biz/0.0.0.0
address=/armorprovpn.me/0.0.0.0
@ -188,6 +188,7 @@ address=/mediaevent.uno/0.0.0.0
address=/medicreed.club/0.0.0.0
address=/meeryslotspin.xyz/0.0.0.0
address=/melanthios-ana.com/0.0.0.0
address=/mindmatch.ai/0.0.0.0
address=/mobileluckywinner.site/0.0.0.0
address=/money-hero.org/0.0.0.0
address=/movievod.me/0.0.0.0
@ -198,6 +199,7 @@ address=/naughtygirlsshowall.live/0.0.0.0
address=/nettrafficpartners.net/0.0.0.0
address=/newbuy.xyz/0.0.0.0
address=/newsinformer.net/0.0.0.0
address=/newstop.life/0.0.0.0
address=/offerpage.link/0.0.0.0
address=/offersearch.info/0.0.0.0
address=/official-bigwin-national-free.cyou/0.0.0.0
@ -237,6 +239,7 @@ address=/prtctapp.me/0.0.0.0
address=/quantum.work/0.0.0.0
address=/quatrefeuillepolonaise.xyz/0.0.0.0
address=/quickdeals.online/0.0.0.0
address=/quizshein.shop/0.0.0.0
address=/rancy.xyz/0.0.0.0
address=/random-prize-bigwin-official.cyou/0.0.0.0
address=/randomprizebigwinofficial.cyou/0.0.0.0
@ -252,6 +255,7 @@ address=/search4theupdatefree.work/0.0.0.0
address=/search4theupgradeset.info/0.0.0.0
address=/search4upgradingset.info/0.0.0.0
address=/searchmgr.online/0.0.0.0
address=/seasoned.co/0.0.0.0
address=/securitevpn.me/0.0.0.0
address=/securityvpnpro.me/0.0.0.0
address=/sergey-tracks.xyz/0.0.0.0
@ -330,7 +334,6 @@ address=/upplaysite.xyz/0.0.0.0
address=/usepro.me/0.0.0.0
address=/useprovpn.me/0.0.0.0
address=/usevpnpro.me/0.0.0.0
address=/vpn1aprotectplus.com/0.0.0.0
address=/vpnprosecurity.me/0.0.0.0
address=/vpnsecurity.me/0.0.0.0
address=/vpnservice.me/0.0.0.0

9
dist/pup-filter-domains.txt vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Domains Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
2021travel.net
4upgradingstablesafe.work
affiliateland.io
aikoo.club
amobil.online
appzfirer.biz
armorprovpn.me
@ -188,6 +188,7 @@ mediaevent.uno
medicreed.club
meeryslotspin.xyz
melanthios-ana.com
mindmatch.ai
mobileluckywinner.site
money-hero.org
movievod.me
@ -198,6 +199,7 @@ naughtygirlsshowall.live
nettrafficpartners.net
newbuy.xyz
newsinformer.net
newstop.life
offerpage.link
offersearch.info
official-bigwin-national-free.cyou
@ -237,6 +239,7 @@ prtctapp.me
quantum.work
quatrefeuillepolonaise.xyz
quickdeals.online
quizshein.shop
rancy.xyz
random-prize-bigwin-official.cyou
randomprizebigwinofficial.cyou
@ -252,6 +255,7 @@ search4theupdatefree.work
search4theupgradeset.info
search4upgradingset.info
searchmgr.online
seasoned.co
securitevpn.me
securityvpnpro.me
sergey-tracks.xyz
@ -330,7 +334,6 @@ upplaysite.xyz
usepro.me
useprovpn.me
usevpnpro.me
vpn1aprotectplus.com
vpnprosecurity.me
vpnsecurity.me
vpnservice.me

9
dist/pup-filter-hosts.txt vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Hosts Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
0.0.0.0 2021travel.net
0.0.0.0 4upgradingstablesafe.work
0.0.0.0 affiliateland.io
0.0.0.0 aikoo.club
0.0.0.0 amobil.online
0.0.0.0 appzfirer.biz
0.0.0.0 armorprovpn.me
@ -188,6 +188,7 @@
0.0.0.0 medicreed.club
0.0.0.0 meeryslotspin.xyz
0.0.0.0 melanthios-ana.com
0.0.0.0 mindmatch.ai
0.0.0.0 mobileluckywinner.site
0.0.0.0 money-hero.org
0.0.0.0 movievod.me
@ -198,6 +199,7 @@
0.0.0.0 nettrafficpartners.net
0.0.0.0 newbuy.xyz
0.0.0.0 newsinformer.net
0.0.0.0 newstop.life
0.0.0.0 offerpage.link
0.0.0.0 offersearch.info
0.0.0.0 official-bigwin-national-free.cyou
@ -237,6 +239,7 @@
0.0.0.0 quantum.work
0.0.0.0 quatrefeuillepolonaise.xyz
0.0.0.0 quickdeals.online
0.0.0.0 quizshein.shop
0.0.0.0 rancy.xyz
0.0.0.0 random-prize-bigwin-official.cyou
0.0.0.0 randomprizebigwinofficial.cyou
@ -252,6 +255,7 @@
0.0.0.0 search4theupgradeset.info
0.0.0.0 search4upgradingset.info
0.0.0.0 searchmgr.online
0.0.0.0 seasoned.co
0.0.0.0 securitevpn.me
0.0.0.0 securityvpnpro.me
0.0.0.0 sergey-tracks.xyz
@ -330,7 +334,6 @@
0.0.0.0 usepro.me
0.0.0.0 useprovpn.me
0.0.0.0 usevpnpro.me
0.0.0.0 vpn1aprotectplus.com
0.0.0.0 vpnprosecurity.me
0.0.0.0 vpnsecurity.me
0.0.0.0 vpnservice.me

11
dist/pup-filter-rpz.conf vendored
View File

@ -1,18 +1,18 @@
; Title: PUP Domains RPZ Blocklist
; Description: Block domains that host potentially unwanted programs (PUP)
; Updated: Thu, 16 Sep 2021 00:02:56 +0000
; Updated: Thu, 16 Sep 2021 12:03:17 +0000
; Expires: 1 day (update frequency)
; Homepage: https://gitlab.com/curben/pup-filter
; License: https://gitlab.com/curben/pup-filter#license
; Source: https://github.com/zhouhanc/malware-discoverer
$TTL 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1631750576 86400 3600 604800 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1631793797 86400 3600 604800 30
NS localhost.
2021travel.net CNAME .
4upgradingstablesafe.work CNAME .
affiliateland.io CNAME .
aikoo.club CNAME .
amobil.online CNAME .
appzfirer.biz CNAME .
armorprovpn.me CNAME .
@ -193,6 +193,7 @@ mediaevent.uno CNAME .
medicreed.club CNAME .
meeryslotspin.xyz CNAME .
melanthios-ana.com CNAME .
mindmatch.ai CNAME .
mobileluckywinner.site CNAME .
money-hero.org CNAME .
movievod.me CNAME .
@ -203,6 +204,7 @@ naughtygirlsshowall.live CNAME .
nettrafficpartners.net CNAME .
newbuy.xyz CNAME .
newsinformer.net CNAME .
newstop.life CNAME .
offerpage.link CNAME .
offersearch.info CNAME .
official-bigwin-national-free.cyou CNAME .
@ -242,6 +244,7 @@ prtctapp.me CNAME .
quantum.work CNAME .
quatrefeuillepolonaise.xyz CNAME .
quickdeals.online CNAME .
quizshein.shop CNAME .
rancy.xyz CNAME .
random-prize-bigwin-official.cyou CNAME .
randomprizebigwinofficial.cyou CNAME .
@ -257,6 +260,7 @@ search4theupdatefree.work CNAME .
search4theupgradeset.info CNAME .
search4upgradingset.info CNAME .
searchmgr.online CNAME .
seasoned.co CNAME .
securitevpn.me CNAME .
securityvpnpro.me CNAME .
sergey-tracks.xyz CNAME .
@ -335,7 +339,6 @@ upplaysite.xyz CNAME .
usepro.me CNAME .
useprovpn.me CNAME .
usevpnpro.me CNAME .
vpn1aprotectplus.com CNAME .
vpnprosecurity.me CNAME .
vpnsecurity.me CNAME .
vpnservice.me CNAME .

347
dist/pup-filter-snort2.rules vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Domains Snort2 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"2021travel.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"4upgradingstablesafe.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"affiliateland.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"amobil.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"armorprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
@ -188,173 +188,176 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medicreed.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeryslotspin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"melanthios-ana.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobileluckywinner.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"money-hero.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"movievod.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-credit-score.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mynutriplan.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"n95o0fxvvw.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"naughtygirlsshowall.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newbuy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsinformer.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"official-bigwin-national-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"official-prize-national-random.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialbigwinnationalfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialprizenationalrandom.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"oldharper.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"olivedinflats.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-prize-super-promotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprizesuperpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlinewinnerluckyrewards.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ouldthepat.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pcsecurity-live.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performlatestoverlyapplication.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performprecise-theuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performrefineduberapplication.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performstrong-thegreatlyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performuberquickapplication.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placesiteb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspind.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppploanchoices.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitsurvey365.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitsurvey365.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"proprotect.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosecurityvpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protecttool.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"provpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"provpnsecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"provpnservice.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prtctapp.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quantum.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quatrefeuillepolonaise.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quickdeals.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rancy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"random-prize-bigwin-official.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"randomprizebigwinofficial.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewards-promotion-winner-super.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardsluckygiveawayprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardspromotionwinnersuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scoopswoop.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sorrectionki.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stogether.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestnewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamfree-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselysophisticatedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamoverly-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streampreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamprogressive-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamquick-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrenewed-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamspeedyintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamstrong-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamuber-bestspeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamuber-bestswiftfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sudoo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"summermedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-notify.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccurrentmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatestintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmostprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestuberthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrecentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncubercurrentfiles.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdatit.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tackis.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technoblogs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technologypartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thecryptozone.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theirproviderock.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timeoffers.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"toolvpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"top-offers2.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tracking-landers.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trackingsys.tech"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trafficmind.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trane.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tripleprofit-zone.life"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustappstreamsall.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitehealth.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatefix.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplaysite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"useprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usevpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn1aprotectplus.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnprosecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnsecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnservice.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchextremely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchgreatly-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchgreatly-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchlatest-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchquick-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchrefined-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-security.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerbigwingiveawaysuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worivo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-national-claim-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-prize-giveaway-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideluckypromotionfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwidenationalclaimfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialrewardssuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideprizegiveawayfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobileluckywinner.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"money-hero.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"movievod.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-credit-score.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mynutriplan.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"n95o0fxvvw.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"naughtygirlsshowall.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newbuy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsinformer.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newstop.life"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"official-bigwin-national-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"official-prize-national-random.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialbigwinnationalfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialprizenationalrandom.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"oldharper.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"olivedinflats.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-prize-super-promotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprizesuperpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlinewinnerluckyrewards.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ouldthepat.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pcsecurity-live.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performlatestoverlyapplication.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performprecise-theuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performrefineduberapplication.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performstrong-thegreatlyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performuberquickapplication.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placesiteb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspind.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppploanchoices.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitsurvey365.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitsurvey365.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"proprotect.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosecurityvpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protecttool.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"provpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"provpnsecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"provpnservice.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prtctapp.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quantum.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quatrefeuillepolonaise.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quickdeals.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quizshein.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rancy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"random-prize-bigwin-official.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"randomprizebigwinofficial.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewards-promotion-winner-super.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardsluckygiveawayprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardspromotionwinnersuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scoopswoop.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seasoned.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sorrectionki.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stogether.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestnewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamfree-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselysophisticatedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamoverly-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streampreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamprogressive-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamquick-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrenewed-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamspeedyintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamstrong-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamuber-bestspeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamuber-bestswiftfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sudoo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"summermedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-notify.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccurrentmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatestintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmostprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestuberthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrecentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncubercurrentfiles.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdatit.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tackis.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technoblogs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technologypartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thecryptozone.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theirproviderock.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timeoffers.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"toolvpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"top-offers2.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tracking-landers.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trackingsys.tech"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trafficmind.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trane.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tripleprofit-zone.life"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustappstreamsall.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitehealth.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatefix.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplaysite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"useprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usevpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnprosecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnsecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnservice.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchextremely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchgreatly-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchgreatly-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchlatest-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchquick-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchrefined-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-security.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerbigwingiveawaysuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worivo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-national-claim-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-prize-giveaway-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideluckypromotionfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwidenationalclaimfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialrewardssuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideprizegiveawayfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;)

347
dist/pup-filter-snort3.rules vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Domains Snort3 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"2021travel.net",nocase; classtype:web-application-activity; sid:300000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"4upgradingstablesafe.work",nocase; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"affiliateland.io",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"amobil.online",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"armorprovpn.me",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
@ -188,173 +188,176 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medicreed.club",nocase; classtype:web-application-activity; sid:300000181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"meeryslotspin.xyz",nocase; classtype:web-application-activity; sid:300000182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"melanthios-ana.com",nocase; classtype:web-application-activity; sid:300000183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobileluckywinner.site",nocase; classtype:web-application-activity; sid:300000184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"money-hero.org",nocase; classtype:web-application-activity; sid:300000185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"movievod.me",nocase; classtype:web-application-activity; sid:300000186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"my-credit-score.xyz",nocase; classtype:web-application-activity; sid:300000187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mynutriplan.co",nocase; classtype:web-application-activity; sid:300000188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"n95o0fxvvw.top",nocase; classtype:web-application-activity; sid:300000189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"naughtygirlsshowall.live",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newbuy.xyz",nocase; classtype:web-application-activity; sid:300000192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsinformer.net",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"official-bigwin-national-free.cyou",nocase; classtype:web-application-activity; sid:300000196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"official-prize-national-random.cyou",nocase; classtype:web-application-activity; sid:300000197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"officialbigwinnationalfree.cyou",nocase; classtype:web-application-activity; sid:300000198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"officialprizenationalrandom.cyou",nocase; classtype:web-application-activity; sid:300000199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"oldharper.xyz",nocase; classtype:web-application-activity; sid:300000200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"olivedinflats.space",nocase; classtype:web-application-activity; sid:300000201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"online-prize-super-promotion.cyou",nocase; classtype:web-application-activity; sid:300000202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprize.cyou",nocase; classtype:web-application-activity; sid:300000203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprizesuperpromotion.cyou",nocase; classtype:web-application-activity; sid:300000204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlinewinnerluckyrewards.cyou",nocase; classtype:web-application-activity; sid:300000205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ouldthepat.fun",nocase; classtype:web-application-activity; sid:300000206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pcsecurity-live.xyz",nocase; classtype:web-application-activity; sid:300000208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performlatestoverlyapplication.icu",nocase; classtype:web-application-activity; sid:300000209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performprecise-theuberfile.best",nocase; classtype:web-application-activity; sid:300000210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performrefineduberapplication.icu",nocase; classtype:web-application-activity; sid:300000211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performstrong-thegreatlyfile.digital",nocase; classtype:web-application-activity; sid:300000212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performuberquickapplication.icu",nocase; classtype:web-application-activity; sid:300000213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placesiteb.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspind.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ppploanchoices.site",nocase; classtype:web-application-activity; sid:300000219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitsurvey365.online",nocase; classtype:web-application-activity; sid:300000221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitsurvey365.org",nocase; classtype:web-application-activity; sid:300000222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"proprotect.me",nocase; classtype:web-application-activity; sid:300000223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prosecurityvpn.me",nocase; classtype:web-application-activity; sid:300000224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protecttool.me",nocase; classtype:web-application-activity; sid:300000225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"provpn.me",nocase; classtype:web-application-activity; sid:300000226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"provpnsecurity.me",nocase; classtype:web-application-activity; sid:300000227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"provpnservice.me",nocase; classtype:web-application-activity; sid:300000228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prtctapp.me",nocase; classtype:web-application-activity; sid:300000229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quantum.work",nocase; classtype:web-application-activity; sid:300000230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quatrefeuillepolonaise.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quickdeals.online",nocase; classtype:web-application-activity; sid:300000232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rancy.xyz",nocase; classtype:web-application-activity; sid:300000233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"random-prize-bigwin-official.cyou",nocase; classtype:web-application-activity; sid:300000234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"randomprizebigwinofficial.cyou",nocase; classtype:web-application-activity; sid:300000235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewards-promotion-winner-super.cyou",nocase; classtype:web-application-activity; sid:300000236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardsluckygiveawayprize.cyou",nocase; classtype:web-application-activity; sid:300000237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardspromotionwinnersuper.cyou",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scoopswoop.info",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sorrectionki.space",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stogether.fun",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestnewestfile.best",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamfree-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselysophisticatedthefile.vip",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamoverly-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streampreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamprogressive-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamquick-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrenewed-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamspeedyintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamstrong-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamuber-bestspeedyfile.best",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamuber-bestswiftfile.best",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sudoo.net",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"summermedia.club",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superpromotion.cyou",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"support-notify.space",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccurrentmostthefile.vip",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatestintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncmostprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestmostthefile.vip",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestuberthefile.vip",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrecentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncubercurrentfiles.best",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdatit.club",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tackis.xyz",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technoblogs.net",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technologypartners.net",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thecryptozone.website",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theirproviderock.top",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timeoffers.net",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"toolvpn.me",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"top-offers2.club",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tracking-landers.xyz",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trackingsys.tech",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trafficmind.pro",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trane.fun",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tripleprofit-zone.life",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trustappstreamsall.digital",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"unitehealth.club",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatefix.xyz",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplaysite.xyz",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usepro.me",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"useprovpn.me",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usevpnpro.me",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn1aprotectplus.com",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnprosecurity.me",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnsecurity.me",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnservice.me",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchextremely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchgreatly-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchgreatly-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchlatest-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchquick-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchrefined-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"web-security.ml",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerbigwingiveawaysuper.cyou",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.site",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worivo.info",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-national-claim-free.cyou",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-prize-giveaway-free.cyou",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideluckypromotionfree.cyou",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwidenationalclaimfree.cyou",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialrewardssuper.cyou",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideprizegiveawayfree.cyou",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobileluckywinner.site",nocase; classtype:web-application-activity; sid:300000185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"money-hero.org",nocase; classtype:web-application-activity; sid:300000186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"movievod.me",nocase; classtype:web-application-activity; sid:300000187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"my-credit-score.xyz",nocase; classtype:web-application-activity; sid:300000188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mynutriplan.co",nocase; classtype:web-application-activity; sid:300000189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"n95o0fxvvw.top",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"naughtygirlsshowall.live",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newbuy.xyz",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsinformer.net",nocase; classtype:web-application-activity; sid:300000194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newstop.life",nocase; classtype:web-application-activity; sid:300000195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"official-bigwin-national-free.cyou",nocase; classtype:web-application-activity; sid:300000198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"official-prize-national-random.cyou",nocase; classtype:web-application-activity; sid:300000199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"officialbigwinnationalfree.cyou",nocase; classtype:web-application-activity; sid:300000200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"officialprizenationalrandom.cyou",nocase; classtype:web-application-activity; sid:300000201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"oldharper.xyz",nocase; classtype:web-application-activity; sid:300000202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"olivedinflats.space",nocase; classtype:web-application-activity; sid:300000203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"online-prize-super-promotion.cyou",nocase; classtype:web-application-activity; sid:300000204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprize.cyou",nocase; classtype:web-application-activity; sid:300000205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprizesuperpromotion.cyou",nocase; classtype:web-application-activity; sid:300000206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlinewinnerluckyrewards.cyou",nocase; classtype:web-application-activity; sid:300000207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ouldthepat.fun",nocase; classtype:web-application-activity; sid:300000208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pcsecurity-live.xyz",nocase; classtype:web-application-activity; sid:300000210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performlatestoverlyapplication.icu",nocase; classtype:web-application-activity; sid:300000211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performprecise-theuberfile.best",nocase; classtype:web-application-activity; sid:300000212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performrefineduberapplication.icu",nocase; classtype:web-application-activity; sid:300000213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performstrong-thegreatlyfile.digital",nocase; classtype:web-application-activity; sid:300000214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performuberquickapplication.icu",nocase; classtype:web-application-activity; sid:300000215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placesiteb.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspind.xyz",nocase; classtype:web-application-activity; sid:300000220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ppploanchoices.site",nocase; classtype:web-application-activity; sid:300000221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitsurvey365.online",nocase; classtype:web-application-activity; sid:300000223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitsurvey365.org",nocase; classtype:web-application-activity; sid:300000224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"proprotect.me",nocase; classtype:web-application-activity; sid:300000225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prosecurityvpn.me",nocase; classtype:web-application-activity; sid:300000226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protecttool.me",nocase; classtype:web-application-activity; sid:300000227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"provpn.me",nocase; classtype:web-application-activity; sid:300000228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"provpnsecurity.me",nocase; classtype:web-application-activity; sid:300000229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"provpnservice.me",nocase; classtype:web-application-activity; sid:300000230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prtctapp.me",nocase; classtype:web-application-activity; sid:300000231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quantum.work",nocase; classtype:web-application-activity; sid:300000232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quatrefeuillepolonaise.xyz",nocase; classtype:web-application-activity; sid:300000233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quickdeals.online",nocase; classtype:web-application-activity; sid:300000234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quizshein.shop",nocase; classtype:web-application-activity; sid:300000235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rancy.xyz",nocase; classtype:web-application-activity; sid:300000236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"random-prize-bigwin-official.cyou",nocase; classtype:web-application-activity; sid:300000237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"randomprizebigwinofficial.cyou",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewards-promotion-winner-super.cyou",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardsluckygiveawayprize.cyou",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardspromotionwinnersuper.cyou",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scoopswoop.info",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seasoned.co",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sorrectionki.space",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stogether.fun",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestnewestfile.best",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamfree-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselysophisticatedthefile.vip",nocase; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamoverly-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streampreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamprogressive-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamquick-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrenewed-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamspeedyintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamstrong-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamuber-bestspeedyfile.best",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamuber-bestswiftfile.best",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sudoo.net",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"summermedia.club",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superpromotion.cyou",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"support-notify.space",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccurrentmostthefile.vip",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatestintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncmostprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestmostthefile.vip",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestuberthefile.vip",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrecentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncubercurrentfiles.best",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdatit.club",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tackis.xyz",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technoblogs.net",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technologypartners.net",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thecryptozone.website",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theirproviderock.top",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timeoffers.net",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"toolvpn.me",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"top-offers2.club",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tracking-landers.xyz",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trackingsys.tech",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trafficmind.pro",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trane.fun",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tripleprofit-zone.life",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trustappstreamsall.digital",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"unitehealth.club",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatefix.xyz",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplaysite.xyz",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usepro.me",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"useprovpn.me",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usevpnpro.me",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnprosecurity.me",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnsecurity.me",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnservice.me",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchextremely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchgreatly-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchgreatly-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchlatest-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchquick-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchrefined-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"web-security.ml",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerbigwingiveawaysuper.cyou",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.site",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worivo.info",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-national-claim-free.cyou",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-prize-giveaway-free.cyou",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideluckypromotionfree.cyou",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwidenationalclaimfree.cyou",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialrewardssuper.cyou",nocase; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideprizegiveawayfree.cyou",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000356; rev:1;)

347
dist/pup-filter-suricata.rules vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Domains Suricata Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2021travel.net"; classtype:web-application-activity; sid:300000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4upgradingstablesafe.work"; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"affiliateland.io"; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amobil.online"; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"armorprovpn.me"; classtype:web-application-activity; sid:300000006; rev:1;)
@ -188,173 +188,176 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medicreed.club"; classtype:web-application-activity; sid:300000181; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeryslotspin.xyz"; classtype:web-application-activity; sid:300000182; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"melanthios-ana.com"; classtype:web-application-activity; sid:300000183; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobileluckywinner.site"; classtype:web-application-activity; sid:300000184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"money-hero.org"; classtype:web-application-activity; sid:300000185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"movievod.me"; classtype:web-application-activity; sid:300000186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-credit-score.xyz"; classtype:web-application-activity; sid:300000187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mynutriplan.co"; classtype:web-application-activity; sid:300000188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n95o0fxvvw.top"; classtype:web-application-activity; sid:300000189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"naughtygirlsshowall.live"; classtype:web-application-activity; sid:300000190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newbuy.xyz"; classtype:web-application-activity; sid:300000192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsinformer.net"; classtype:web-application-activity; sid:300000193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"official-bigwin-national-free.cyou"; classtype:web-application-activity; sid:300000196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"official-prize-national-random.cyou"; classtype:web-application-activity; sid:300000197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialbigwinnationalfree.cyou"; classtype:web-application-activity; sid:300000198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialprizenationalrandom.cyou"; classtype:web-application-activity; sid:300000199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oldharper.xyz"; classtype:web-application-activity; sid:300000200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olivedinflats.space"; classtype:web-application-activity; sid:300000201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online-prize-super-promotion.cyou"; classtype:web-application-activity; sid:300000202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprize.cyou"; classtype:web-application-activity; sid:300000203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprizesuperpromotion.cyou"; classtype:web-application-activity; sid:300000204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlinewinnerluckyrewards.cyou"; classtype:web-application-activity; sid:300000205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ouldthepat.fun"; classtype:web-application-activity; sid:300000206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcsecurity-live.xyz"; classtype:web-application-activity; sid:300000208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performlatestoverlyapplication.icu"; classtype:web-application-activity; sid:300000209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performprecise-theuberfile.best"; classtype:web-application-activity; sid:300000210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrefineduberapplication.icu"; classtype:web-application-activity; sid:300000211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performstrong-thegreatlyfile.digital"; classtype:web-application-activity; sid:300000212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performuberquickapplication.icu"; classtype:web-application-activity; sid:300000213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspind.xyz"; classtype:web-application-activity; sid:300000218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppploanchoices.site"; classtype:web-application-activity; sid:300000219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitsurvey365.online"; classtype:web-application-activity; sid:300000221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitsurvey365.org"; classtype:web-application-activity; sid:300000222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proprotect.me"; classtype:web-application-activity; sid:300000223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosecurityvpn.me"; classtype:web-application-activity; sid:300000224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protecttool.me"; classtype:web-application-activity; sid:300000225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provpn.me"; classtype:web-application-activity; sid:300000226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provpnsecurity.me"; classtype:web-application-activity; sid:300000227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provpnservice.me"; classtype:web-application-activity; sid:300000228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prtctapp.me"; classtype:web-application-activity; sid:300000229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quantum.work"; classtype:web-application-activity; sid:300000230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quatrefeuillepolonaise.xyz"; classtype:web-application-activity; sid:300000231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quickdeals.online"; classtype:web-application-activity; sid:300000232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rancy.xyz"; classtype:web-application-activity; sid:300000233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"random-prize-bigwin-official.cyou"; classtype:web-application-activity; sid:300000234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"randomprizebigwinofficial.cyou"; classtype:web-application-activity; sid:300000235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewards-promotion-winner-super.cyou"; classtype:web-application-activity; sid:300000236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardsluckygiveawayprize.cyou"; classtype:web-application-activity; sid:300000237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardspromotionwinnersuper.cyou"; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scoopswoop.info"; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sorrectionki.space"; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stogether.fun"; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestnewestfile.best"; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamfree-bestmostfile.best"; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestlatestfile.best"; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestquickfile.best"; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselysophisticatedthefile.vip"; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestoverlyfile.best"; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamoverly-bestrenewedfile.best"; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streampreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamprogressive-bestoverlyfile.best"; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamquick-bestmostfile.best"; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestintenselyfile.best"; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestuberfile.best"; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrenewed-bestoverlyfile.best"; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamspeedyintenselythefile.vip"; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamstrong-bestuberfile.best"; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamuber-bestspeedyfile.best"; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamuber-bestswiftfile.best"; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sudoo.net"; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"summermedia.club"; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superpromotion.cyou"; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-notify.space"; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccurrentmostthefile.vip"; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatestintenselythefile.vip"; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmostprecisethefile.vip"; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestmostthefile.vip"; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestuberthefile.vip"; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrecentintenselythefile.vip"; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncubercurrentfiles.best"; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdatit.club"; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tackis.xyz"; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technoblogs.net"; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technologypartners.net"; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thecryptozone.website"; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theirproviderock.top"; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timeoffers.net"; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toolvpn.me"; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top-offers2.club"; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tracking-landers.xyz"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trackingsys.tech"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficmind.pro"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trane.fun"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tripleprofit-zone.life"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustappstreamsall.digital"; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitehealth.club"; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatefix.xyz"; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplaysite.xyz"; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usepro.me"; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"useprovpn.me"; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usevpnpro.me"; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn1aprotectplus.com"; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnprosecurity.me"; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnsecurity.me"; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnservice.me"; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchextremely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchgreatly-bestcurrentfile.best"; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchgreatly-bestlatestfile.best"; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchlatest-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchquick-bestheavilyfile.best"; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchrefined-bestextremelyfile.best"; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-security.ml"; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerbigwingiveawaysuper.cyou"; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.site"; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worivo.info"; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-national-claim-free.cyou"; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-prize-giveaway-free.cyou"; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideluckypromotionfree.cyou"; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwidenationalclaimfree.cyou"; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialrewardssuper.cyou"; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideprizegiveawayfree.cyou"; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000184; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobileluckywinner.site"; classtype:web-application-activity; sid:300000185; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"money-hero.org"; classtype:web-application-activity; sid:300000186; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"movievod.me"; classtype:web-application-activity; sid:300000187; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-credit-score.xyz"; classtype:web-application-activity; sid:300000188; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mynutriplan.co"; classtype:web-application-activity; sid:300000189; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n95o0fxvvw.top"; classtype:web-application-activity; sid:300000190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"naughtygirlsshowall.live"; classtype:web-application-activity; sid:300000191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newbuy.xyz"; classtype:web-application-activity; sid:300000193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsinformer.net"; classtype:web-application-activity; sid:300000194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newstop.life"; classtype:web-application-activity; sid:300000195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"official-bigwin-national-free.cyou"; classtype:web-application-activity; sid:300000198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"official-prize-national-random.cyou"; classtype:web-application-activity; sid:300000199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialbigwinnationalfree.cyou"; classtype:web-application-activity; sid:300000200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialprizenationalrandom.cyou"; classtype:web-application-activity; sid:300000201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oldharper.xyz"; classtype:web-application-activity; sid:300000202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olivedinflats.space"; classtype:web-application-activity; sid:300000203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online-prize-super-promotion.cyou"; classtype:web-application-activity; sid:300000204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprize.cyou"; classtype:web-application-activity; sid:300000205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprizesuperpromotion.cyou"; classtype:web-application-activity; sid:300000206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlinewinnerluckyrewards.cyou"; classtype:web-application-activity; sid:300000207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ouldthepat.fun"; classtype:web-application-activity; sid:300000208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcsecurity-live.xyz"; classtype:web-application-activity; sid:300000210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performlatestoverlyapplication.icu"; classtype:web-application-activity; sid:300000211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performprecise-theuberfile.best"; classtype:web-application-activity; sid:300000212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrefineduberapplication.icu"; classtype:web-application-activity; sid:300000213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performstrong-thegreatlyfile.digital"; classtype:web-application-activity; sid:300000214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performuberquickapplication.icu"; classtype:web-application-activity; sid:300000215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspind.xyz"; classtype:web-application-activity; sid:300000220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppploanchoices.site"; classtype:web-application-activity; sid:300000221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitsurvey365.online"; classtype:web-application-activity; sid:300000223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitsurvey365.org"; classtype:web-application-activity; sid:300000224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proprotect.me"; classtype:web-application-activity; sid:300000225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosecurityvpn.me"; classtype:web-application-activity; sid:300000226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protecttool.me"; classtype:web-application-activity; sid:300000227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provpn.me"; classtype:web-application-activity; sid:300000228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provpnsecurity.me"; classtype:web-application-activity; sid:300000229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provpnservice.me"; classtype:web-application-activity; sid:300000230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prtctapp.me"; classtype:web-application-activity; sid:300000231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quantum.work"; classtype:web-application-activity; sid:300000232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quatrefeuillepolonaise.xyz"; classtype:web-application-activity; sid:300000233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quickdeals.online"; classtype:web-application-activity; sid:300000234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quizshein.shop"; classtype:web-application-activity; sid:300000235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rancy.xyz"; classtype:web-application-activity; sid:300000236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"random-prize-bigwin-official.cyou"; classtype:web-application-activity; sid:300000237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"randomprizebigwinofficial.cyou"; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewards-promotion-winner-super.cyou"; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardsluckygiveawayprize.cyou"; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardspromotionwinnersuper.cyou"; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scoopswoop.info"; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seasoned.co"; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sorrectionki.space"; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stogether.fun"; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestnewestfile.best"; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamfree-bestmostfile.best"; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestlatestfile.best"; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestquickfile.best"; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselysophisticatedthefile.vip"; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestoverlyfile.best"; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamoverly-bestrenewedfile.best"; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streampreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamprogressive-bestoverlyfile.best"; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamquick-bestmostfile.best"; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestintenselyfile.best"; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestuberfile.best"; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrenewed-bestoverlyfile.best"; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamspeedyintenselythefile.vip"; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamstrong-bestuberfile.best"; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamuber-bestspeedyfile.best"; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamuber-bestswiftfile.best"; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sudoo.net"; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"summermedia.club"; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superpromotion.cyou"; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-notify.space"; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccurrentmostthefile.vip"; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatestintenselythefile.vip"; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmostprecisethefile.vip"; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestmostthefile.vip"; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestuberthefile.vip"; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrecentintenselythefile.vip"; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncubercurrentfiles.best"; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdatit.club"; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tackis.xyz"; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technoblogs.net"; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technologypartners.net"; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thecryptozone.website"; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theirproviderock.top"; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timeoffers.net"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toolvpn.me"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top-offers2.club"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tracking-landers.xyz"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trackingsys.tech"; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficmind.pro"; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trane.fun"; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tripleprofit-zone.life"; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustappstreamsall.digital"; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitehealth.club"; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatefix.xyz"; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplaysite.xyz"; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usepro.me"; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"useprovpn.me"; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usevpnpro.me"; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnprosecurity.me"; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnsecurity.me"; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnservice.me"; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchextremely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchgreatly-bestcurrentfile.best"; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchgreatly-bestlatestfile.best"; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchlatest-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchquick-bestheavilyfile.best"; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchrefined-bestextremelyfile.best"; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-security.ml"; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerbigwingiveawaysuper.cyou"; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.site"; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worivo.info"; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-national-claim-free.cyou"; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-prize-giveaway-free.cyou"; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideluckypromotionfree.cyou"; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwidenationalclaimfree.cyou"; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialrewardssuper.cyou"; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideprizegiveawayfree.cyou"; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000356; rev:1;)

9
dist/pup-filter-unbound.conf vendored
View File

@ -1,13 +1,13 @@
# Title: PUP Domains Unbound Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
local-zone: "2021travel.net" always_nxdomain
local-zone: "4upgradingstablesafe.work" always_nxdomain
local-zone: "affiliateland.io" always_nxdomain
local-zone: "aikoo.club" always_nxdomain
local-zone: "amobil.online" always_nxdomain
local-zone: "appzfirer.biz" always_nxdomain
local-zone: "armorprovpn.me" always_nxdomain
@ -188,6 +188,7 @@ local-zone: "mediaevent.uno" always_nxdomain
local-zone: "medicreed.club" always_nxdomain
local-zone: "meeryslotspin.xyz" always_nxdomain
local-zone: "melanthios-ana.com" always_nxdomain
local-zone: "mindmatch.ai" always_nxdomain
local-zone: "mobileluckywinner.site" always_nxdomain
local-zone: "money-hero.org" always_nxdomain
local-zone: "movievod.me" always_nxdomain
@ -198,6 +199,7 @@ local-zone: "naughtygirlsshowall.live" always_nxdomain
local-zone: "nettrafficpartners.net" always_nxdomain
local-zone: "newbuy.xyz" always_nxdomain
local-zone: "newsinformer.net" always_nxdomain
local-zone: "newstop.life" always_nxdomain
local-zone: "offerpage.link" always_nxdomain
local-zone: "offersearch.info" always_nxdomain
local-zone: "official-bigwin-national-free.cyou" always_nxdomain
@ -237,6 +239,7 @@ local-zone: "prtctapp.me" always_nxdomain
local-zone: "quantum.work" always_nxdomain
local-zone: "quatrefeuillepolonaise.xyz" always_nxdomain
local-zone: "quickdeals.online" always_nxdomain
local-zone: "quizshein.shop" always_nxdomain
local-zone: "rancy.xyz" always_nxdomain
local-zone: "random-prize-bigwin-official.cyou" always_nxdomain
local-zone: "randomprizebigwinofficial.cyou" always_nxdomain
@ -252,6 +255,7 @@ local-zone: "search4theupdatefree.work" always_nxdomain
local-zone: "search4theupgradeset.info" always_nxdomain
local-zone: "search4upgradingset.info" always_nxdomain
local-zone: "searchmgr.online" always_nxdomain
local-zone: "seasoned.co" always_nxdomain
local-zone: "securitevpn.me" always_nxdomain
local-zone: "securityvpnpro.me" always_nxdomain
local-zone: "sergey-tracks.xyz" always_nxdomain
@ -330,7 +334,6 @@ local-zone: "upplaysite.xyz" always_nxdomain
local-zone: "usepro.me" always_nxdomain
local-zone: "useprovpn.me" always_nxdomain
local-zone: "usevpnpro.me" always_nxdomain
local-zone: "vpn1aprotectplus.com" always_nxdomain
local-zone: "vpnprosecurity.me" always_nxdomain
local-zone: "vpnsecurity.me" always_nxdomain
local-zone: "vpnservice.me" always_nxdomain

9
dist/pup-filter-vivaldi.txt vendored
View File

@ -1,13 +1,13 @@
! Title: PUP Domains Blocklist (Vivaldi)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 16 Sep 2021 00:02:56 +0000
! Updated: Thu, 16 Sep 2021 12:03:17 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
! Source: https://github.com/zhouhanc/malware-discoverer
||2021travel.net$document
||4upgradingstablesafe.work$document
||affiliateland.io$document
||aikoo.club$document
||amobil.online$document
||appzfirer.biz$document
||armorprovpn.me$document
@ -188,6 +188,7 @@
||medicreed.club$document
||meeryslotspin.xyz$document
||melanthios-ana.com$document
||mindmatch.ai$document
||mobileluckywinner.site$document
||money-hero.org$document
||movievod.me$document
@ -198,6 +199,7 @@
||nettrafficpartners.net$document
||newbuy.xyz$document
||newsinformer.net$document
||newstop.life$document
||offerpage.link$document
||offersearch.info$document
||official-bigwin-national-free.cyou$document
@ -237,6 +239,7 @@
||quantum.work$document
||quatrefeuillepolonaise.xyz$document
||quickdeals.online$document
||quizshein.shop$document
||rancy.xyz$document
||random-prize-bigwin-official.cyou$document
||randomprizebigwinofficial.cyou$document
@ -252,6 +255,7 @@
||search4theupgradeset.info$document
||search4upgradingset.info$document
||searchmgr.online$document
||seasoned.co$document
||securitevpn.me$document
||securityvpnpro.me$document
||sergey-tracks.xyz$document
@ -330,7 +334,6 @@
||usepro.me$document
||useprovpn.me$document
||usevpnpro.me$document
||vpn1aprotectplus.com$document
||vpnprosecurity.me$document
||vpnsecurity.me$document
||vpnservice.me$document

9
dist/pup-filter.tpl vendored
View File

@ -1,7 +1,7 @@
msFilterList
# Title: PUP Hosts Blocklist (IE)
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 16 Sep 2021 00:02:56 +0000
# Updated: Thu, 16 Sep 2021 12:03:17 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -10,7 +10,7 @@ msFilterList
#
-d 2021travel.net
-d 4upgradingstablesafe.work
-d affiliateland.io
-d aikoo.club
-d amobil.online
-d appzfirer.biz
-d armorprovpn.me
@ -191,6 +191,7 @@ msFilterList
-d medicreed.club
-d meeryslotspin.xyz
-d melanthios-ana.com
-d mindmatch.ai
-d mobileluckywinner.site
-d money-hero.org
-d movievod.me
@ -201,6 +202,7 @@ msFilterList
-d nettrafficpartners.net
-d newbuy.xyz
-d newsinformer.net
-d newstop.life
-d offerpage.link
-d offersearch.info
-d official-bigwin-national-free.cyou
@ -240,6 +242,7 @@ msFilterList
-d quantum.work
-d quatrefeuillepolonaise.xyz
-d quickdeals.online
-d quizshein.shop
-d rancy.xyz
-d random-prize-bigwin-official.cyou
-d randomprizebigwinofficial.cyou
@ -255,6 +258,7 @@ msFilterList
-d search4theupgradeset.info
-d search4upgradingset.info
-d searchmgr.online
-d seasoned.co
-d securitevpn.me
-d securityvpnpro.me
-d sergey-tracks.xyz
@ -333,7 +337,6 @@ msFilterList
-d usepro.me
-d useprovpn.me
-d usevpnpro.me
-d vpn1aprotectplus.com
-d vpnprosecurity.me
-d vpnsecurity.me
-d vpnservice.me

9
dist/pup-filter.txt vendored
View File

@ -1,13 +1,13 @@
! Title: PUP Domains Blocklist
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 16 Sep 2021 00:02:56 +0000
! Updated: Thu, 16 Sep 2021 12:03:17 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
! Source: https://github.com/zhouhanc/malware-discoverer
2021travel.net
4upgradingstablesafe.work
affiliateland.io
aikoo.club
amobil.online
appzfirer.biz
armorprovpn.me
@ -188,6 +188,7 @@ mediaevent.uno
medicreed.club
meeryslotspin.xyz
melanthios-ana.com
mindmatch.ai
mobileluckywinner.site
money-hero.org
movievod.me
@ -198,6 +199,7 @@ naughtygirlsshowall.live
nettrafficpartners.net
newbuy.xyz
newsinformer.net
newstop.life
offerpage.link
offersearch.info
official-bigwin-national-free.cyou
@ -237,6 +239,7 @@ prtctapp.me
quantum.work
quatrefeuillepolonaise.xyz
quickdeals.online
quizshein.shop
rancy.xyz
random-prize-bigwin-official.cyou
randomprizebigwinofficial.cyou
@ -252,6 +255,7 @@ search4theupdatefree.work
search4theupgradeset.info
search4upgradingset.info
searchmgr.online
seasoned.co
securitevpn.me
securityvpnpro.me
sergey-tracks.xyz
@ -330,7 +334,6 @@ upplaysite.xyz
usepro.me
useprovpn.me
usevpnpro.me
vpn1aprotectplus.com
vpnprosecurity.me
vpnsecurity.me
vpnservice.me