Filter updated: Sun, 05 Dec 2021 00:02:51 +0000

dist/pup-filter-ag.txt

@@ -1,6 +1,6 @@
 ! Title: PUP Domains Blocklist (AdGuard)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 04 Dec 2021 12:03:10 +0000
+! Updated: Sun, 05 Dec 2021 00:02:51 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 ||2021travel.net$all
 ||abcscience.xyz$all
 ||aikoo.club$all
+||amobil.online$all
 ||android-browser.live$all
 ||android-web.live$all
 ||aphicus.xyz$all
@@ -21,6 +22,7 @@
 ||be-n9lnns3n-ok.live$all
 ||be-us-cars-for-seniors-ok.live$all
 ||be-us-exercise-bikes-ok.live$all
+||beautinow.nl$all
 ||beinspired.global$all
 ||benefiio.org$all
 ||bkk755.biz$all
@@ -50,13 +52,12 @@
 ||claimrewards.rest$all
 ||clickon.buzz$all
 ||coatofarms.nyc$all
+||conndickens.icu$all
 ||connecttheupgradingurls.work$all
 ||consumerprotectioncybersecurity.org$all
 ||contentamigo.ru$all
 ||contentarea.ru$all
-||cooltech.blog$all
 ||country-news.live$all
-||craftstash.us$all
 ||crazyprize.buzz$all
 ||credit-monitoring-360.xyz$all
 ||crowdweightyellow.top$all
@@ -89,6 +90,7 @@
 ||enjoyastar.xyz$all
 ||enjoyavolcano.xyz$all
 ||euronordvpn.com$all
+||expatriates.pk$all
 ||exploreshops.net$all
 ||fastfactsonline.co$all
 ||fastspinc.xyz$all
@@ -111,7 +113,6 @@
 ||global-track.space$all
 ||golddellifewonder.rest$all
 ||gonesteeldouble.top$all
-||grandencryptions.me$all
 ||grantaidauthority.site$all
 ||healthfactor.io$all
 ||healthnfitness.site$all
@@ -138,7 +139,6 @@
 ||installprogressiveintenselythefile.vip$all
 ||installstronghighlythefile.vip$all
 ||intelectaction.ru$all
-||investinfo.net$all
 ||ipaint.us$all
 ||ironprovpn.me$all
 ||jojomamanbebe.ie$all
@@ -169,7 +169,6 @@
 ||koalawinterc.xyz$all
 ||koalawinterd.xyz$all
 ||koalawintere.xyz$all
-||kompsos.uk$all
 ||lackystack.net$all
 ||link4updatingcentral.work$all
 ||listenthisso.top$all
@@ -178,7 +177,7 @@
 ||loveorfun.cc$all
 ||lubbockeda.org$all
 ||luckyworldwideprizerandom.rest$all
-||marketloans.net$all
+||makingbettermoney.co$all
 ||mazestation.games$all
 ||media-cloud.ru$all
 ||mediaadvanced.ru$all
@@ -261,6 +260,7 @@
 ||prize-messsages.casa$all
 ||producthunter.club$all
 ||profitablesurvey.site$all
+||profitedsurvey.site$all
 ||profitsurvey.live$all
 ||promotionclaim.rest$all
 ||protect-ios.com$all
@@ -288,7 +288,6 @@
 ||shopin.nyc$all
 ||shopnsave.world$all
 ||smartideas.pro$all
-||smartuv.shop$all
 ||software-dealz.de$all
 ||sonic-ocean.xyz$all
 ||sonic-plains.xyz$all
@@ -301,6 +300,7 @@
 ||spotmapd.xyz$all
 ||spotmapf.xyz$all
 ||spotplanetc.xyz$all
+||stickr.co$all
 ||storeuberspeedythefile.vip$all
 ||streamdevelopedintenselythefile.vip$all
 ||streamintenselyrefinedthefile.vip$all
@@ -317,6 +317,7 @@
 ||syssysupdate.top$all
 ||systemupdateme.solutions$all
 ||taboo.news$all
+||techandgadgets.net$all
 ||thanksyoursupport.club$all
 ||the-crater.xyz$all
 ||the-sky.xyz$all
@@ -341,7 +342,6 @@
 ||tracking-landers.xyz$all
 ||trotineo.fr$all
 ||truecompassion.net$all
-||updatefix.xyz$all
 ||updateview.tech$all
 ||upplaysite.xyz$all
 ||usforeclosure.net$all
@@ -359,7 +359,6 @@
 ||videomixact.ru$all
 ||videovoiceable.ru$all
 ||videovoiceace.ru$all
-||viralsharks.net$all
 ||vpn-pro.club$all
 ||wallda.site$all
 ||web-security.ml$all

dist/pup-filter-agh.txt

@@ -1,6 +1,6 @@
 ! Title: PUP Domains Blocklist (AdGuard Home)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 04 Dec 2021 12:03:10 +0000
+! Updated: Sun, 05 Dec 2021 00:02:51 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 ||2021travel.net^
 ||abcscience.xyz^
 ||aikoo.club^
+||amobil.online^
 ||android-browser.live^
 ||android-web.live^
 ||aphicus.xyz^
@@ -21,6 +22,7 @@
 ||be-n9lnns3n-ok.live^
 ||be-us-cars-for-seniors-ok.live^
 ||be-us-exercise-bikes-ok.live^
+||beautinow.nl^
 ||beinspired.global^
 ||benefiio.org^
 ||bkk755.biz^
@@ -50,13 +52,12 @@
 ||claimrewards.rest^
 ||clickon.buzz^
 ||coatofarms.nyc^
+||conndickens.icu^
 ||connecttheupgradingurls.work^
 ||consumerprotectioncybersecurity.org^
 ||contentamigo.ru^
 ||contentarea.ru^
-||cooltech.blog^
 ||country-news.live^
-||craftstash.us^
 ||crazyprize.buzz^
 ||credit-monitoring-360.xyz^
 ||crowdweightyellow.top^
@@ -89,6 +90,7 @@
 ||enjoyastar.xyz^
 ||enjoyavolcano.xyz^
 ||euronordvpn.com^
+||expatriates.pk^
 ||exploreshops.net^
 ||fastfactsonline.co^
 ||fastspinc.xyz^
@@ -111,7 +113,6 @@
 ||global-track.space^
 ||golddellifewonder.rest^
 ||gonesteeldouble.top^
-||grandencryptions.me^
 ||grantaidauthority.site^
 ||healthfactor.io^
 ||healthnfitness.site^
@@ -138,7 +139,6 @@
 ||installprogressiveintenselythefile.vip^
 ||installstronghighlythefile.vip^
 ||intelectaction.ru^
-||investinfo.net^
 ||ipaint.us^
 ||ironprovpn.me^
 ||jojomamanbebe.ie^
@@ -169,7 +169,6 @@
 ||koalawinterc.xyz^
 ||koalawinterd.xyz^
 ||koalawintere.xyz^
-||kompsos.uk^
 ||lackystack.net^
 ||link4updatingcentral.work^
 ||listenthisso.top^
@@ -178,7 +177,7 @@
 ||loveorfun.cc^
 ||lubbockeda.org^
 ||luckyworldwideprizerandom.rest^
-||marketloans.net^
+||makingbettermoney.co^
 ||mazestation.games^
 ||media-cloud.ru^
 ||mediaadvanced.ru^
@@ -261,6 +260,7 @@
 ||prize-messsages.casa^
 ||producthunter.club^
 ||profitablesurvey.site^
+||profitedsurvey.site^
 ||profitsurvey.live^
 ||promotionclaim.rest^
 ||protect-ios.com^
@@ -288,7 +288,6 @@
 ||shopin.nyc^
 ||shopnsave.world^
 ||smartideas.pro^
-||smartuv.shop^
 ||software-dealz.de^
 ||sonic-ocean.xyz^
 ||sonic-plains.xyz^
@@ -301,6 +300,7 @@
 ||spotmapd.xyz^
 ||spotmapf.xyz^
 ||spotplanetc.xyz^
+||stickr.co^
 ||storeuberspeedythefile.vip^
 ||streamdevelopedintenselythefile.vip^
 ||streamintenselyrefinedthefile.vip^
@@ -317,6 +317,7 @@
 ||syssysupdate.top^
 ||systemupdateme.solutions^
 ||taboo.news^
+||techandgadgets.net^
 ||thanksyoursupport.club^
 ||the-crater.xyz^
 ||the-sky.xyz^
@@ -341,7 +342,6 @@
 ||tracking-landers.xyz^
 ||trotineo.fr^
 ||truecompassion.net^
-||updatefix.xyz^
 ||updateview.tech^
 ||upplaysite.xyz^
 ||usforeclosure.net^
@@ -359,7 +359,6 @@
 ||videomixact.ru^
 ||videovoiceable.ru^
 ||videovoiceace.ru^
-||viralsharks.net^
 ||vpn-pro.club^
 ||wallda.site^
 ||web-security.ml^

dist/pup-filter-bind.conf

@@ -1,6 +1,6 @@
 # Title: PUP Domains BIND Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 zone "2021travel.net" { type master; notify no; file "null.zone.file"; };
 zone "abcscience.xyz" { type master; notify no; file "null.zone.file"; };
 zone "aikoo.club" { type master; notify no; file "null.zone.file"; };
+zone "amobil.online" { type master; notify no; file "null.zone.file"; };
 zone "android-browser.live" { type master; notify no; file "null.zone.file"; };
 zone "android-web.live" { type master; notify no; file "null.zone.file"; };
 zone "aphicus.xyz" { type master; notify no; file "null.zone.file"; };
@@ -21,6 +22,7 @@ zone "be-5hdo32xes-ok.live" { type master; notify no; file "null.zone.file"; };
 zone "be-n9lnns3n-ok.live" { type master; notify no; file "null.zone.file"; };
 zone "be-us-cars-for-seniors-ok.live" { type master; notify no; file "null.zone.file"; };
 zone "be-us-exercise-bikes-ok.live" { type master; notify no; file "null.zone.file"; };
+zone "beautinow.nl" { type master; notify no; file "null.zone.file"; };
 zone "beinspired.global" { type master; notify no; file "null.zone.file"; };
 zone "benefiio.org" { type master; notify no; file "null.zone.file"; };
 zone "bkk755.biz" { type master; notify no; file "null.zone.file"; };
@@ -50,13 +52,12 @@ zone "chipovysta.pro" { type master; notify no; file "null.zone.file"; };
 zone "claimrewards.rest" { type master; notify no; file "null.zone.file"; };
 zone "clickon.buzz" { type master; notify no; file "null.zone.file"; };
 zone "coatofarms.nyc" { type master; notify no; file "null.zone.file"; };
+zone "conndickens.icu" { type master; notify no; file "null.zone.file"; };
 zone "connecttheupgradingurls.work" { type master; notify no; file "null.zone.file"; };
 zone "consumerprotectioncybersecurity.org" { type master; notify no; file "null.zone.file"; };
 zone "contentamigo.ru" { type master; notify no; file "null.zone.file"; };
 zone "contentarea.ru" { type master; notify no; file "null.zone.file"; };
-zone "cooltech.blog" { type master; notify no; file "null.zone.file"; };
 zone "country-news.live" { type master; notify no; file "null.zone.file"; };
-zone "craftstash.us" { type master; notify no; file "null.zone.file"; };
 zone "crazyprize.buzz" { type master; notify no; file "null.zone.file"; };
 zone "credit-monitoring-360.xyz" { type master; notify no; file "null.zone.file"; };
 zone "crowdweightyellow.top" { type master; notify no; file "null.zone.file"; };
@@ -89,6 +90,7 @@ zone "enjoyasky.xyz" { type master; notify no; file "null.zone.file"; };
 zone "enjoyastar.xyz" { type master; notify no; file "null.zone.file"; };
 zone "enjoyavolcano.xyz" { type master; notify no; file "null.zone.file"; };
 zone "euronordvpn.com" { type master; notify no; file "null.zone.file"; };
+zone "expatriates.pk" { type master; notify no; file "null.zone.file"; };
 zone "exploreshops.net" { type master; notify no; file "null.zone.file"; };
 zone "fastfactsonline.co" { type master; notify no; file "null.zone.file"; };
 zone "fastspinc.xyz" { type master; notify no; file "null.zone.file"; };
@@ -111,7 +113,6 @@ zone "gladmstreet.xyz" { type master; notify no; file "null.zone.file"; };
 zone "global-track.space" { type master; notify no; file "null.zone.file"; };
 zone "golddellifewonder.rest" { type master; notify no; file "null.zone.file"; };
 zone "gonesteeldouble.top" { type master; notify no; file "null.zone.file"; };
-zone "grandencryptions.me" { type master; notify no; file "null.zone.file"; };
 zone "grantaidauthority.site" { type master; notify no; file "null.zone.file"; };
 zone "healthfactor.io" { type master; notify no; file "null.zone.file"; };
 zone "healthnfitness.site" { type master; notify no; file "null.zone.file"; };
@@ -138,7 +139,6 @@ zone "installprecisehighlythefile.vip" { type master; notify no; file "null.zone
 zone "installprogressiveintenselythefile.vip" { type master; notify no; file "null.zone.file"; };
 zone "installstronghighlythefile.vip" { type master; notify no; file "null.zone.file"; };
 zone "intelectaction.ru" { type master; notify no; file "null.zone.file"; };
-zone "investinfo.net" { type master; notify no; file "null.zone.file"; };
 zone "ipaint.us" { type master; notify no; file "null.zone.file"; };
 zone "ironprovpn.me" { type master; notify no; file "null.zone.file"; };
 zone "jojomamanbebe.ie" { type master; notify no; file "null.zone.file"; };
@@ -169,7 +169,6 @@ zone "koalawinterb.xyz" { type master; notify no; file "null.zone.file"; };
 zone "koalawinterc.xyz" { type master; notify no; file "null.zone.file"; };
 zone "koalawinterd.xyz" { type master; notify no; file "null.zone.file"; };
 zone "koalawintere.xyz" { type master; notify no; file "null.zone.file"; };
-zone "kompsos.uk" { type master; notify no; file "null.zone.file"; };
 zone "lackystack.net" { type master; notify no; file "null.zone.file"; };
 zone "link4updatingcentral.work" { type master; notify no; file "null.zone.file"; };
 zone "listenthisso.top" { type master; notify no; file "null.zone.file"; };
@@ -178,7 +177,7 @@ zone "louisvillegigs.net" { type master; notify no; file "null.zone.file"; };
 zone "loveorfun.cc" { type master; notify no; file "null.zone.file"; };
 zone "lubbockeda.org" { type master; notify no; file "null.zone.file"; };
 zone "luckyworldwideprizerandom.rest" { type master; notify no; file "null.zone.file"; };
-zone "marketloans.net" { type master; notify no; file "null.zone.file"; };
+zone "makingbettermoney.co" { type master; notify no; file "null.zone.file"; };
 zone "mazestation.games" { type master; notify no; file "null.zone.file"; };
 zone "media-cloud.ru" { type master; notify no; file "null.zone.file"; };
 zone "mediaadvanced.ru" { type master; notify no; file "null.zone.file"; };
@@ -261,6 +260,7 @@ zone "press-news-for.me" { type master; notify no; file "null.zone.file"; };
 zone "prize-messsages.casa" { type master; notify no; file "null.zone.file"; };
 zone "producthunter.club" { type master; notify no; file "null.zone.file"; };
 zone "profitablesurvey.site" { type master; notify no; file "null.zone.file"; };
+zone "profitedsurvey.site" { type master; notify no; file "null.zone.file"; };
 zone "profitsurvey.live" { type master; notify no; file "null.zone.file"; };
 zone "promotionclaim.rest" { type master; notify no; file "null.zone.file"; };
 zone "protect-ios.com" { type master; notify no; file "null.zone.file"; };
@@ -288,7 +288,6 @@ zone "sergey-tracks.xyz" { type master; notify no; file "null.zone.file"; };
 zone "shopin.nyc" { type master; notify no; file "null.zone.file"; };
 zone "shopnsave.world" { type master; notify no; file "null.zone.file"; };
 zone "smartideas.pro" { type master; notify no; file "null.zone.file"; };
-zone "smartuv.shop" { type master; notify no; file "null.zone.file"; };
 zone "software-dealz.de" { type master; notify no; file "null.zone.file"; };
 zone "sonic-ocean.xyz" { type master; notify no; file "null.zone.file"; };
 zone "sonic-plains.xyz" { type master; notify no; file "null.zone.file"; };
@@ -301,6 +300,7 @@ zone "sonicacrater.xyz" { type master; notify no; file "null.zone.file"; };
 zone "spotmapd.xyz" { type master; notify no; file "null.zone.file"; };
 zone "spotmapf.xyz" { type master; notify no; file "null.zone.file"; };
 zone "spotplanetc.xyz" { type master; notify no; file "null.zone.file"; };
+zone "stickr.co" { type master; notify no; file "null.zone.file"; };
 zone "storeuberspeedythefile.vip" { type master; notify no; file "null.zone.file"; };
 zone "streamdevelopedintenselythefile.vip" { type master; notify no; file "null.zone.file"; };
 zone "streamintenselyrefinedthefile.vip" { type master; notify no; file "null.zone.file"; };
@@ -317,6 +317,7 @@ zone "syncrecentintenselythefile.vip" { type master; notify no; file "null.zone.
 zone "syssysupdate.top" { type master; notify no; file "null.zone.file"; };
 zone "systemupdateme.solutions" { type master; notify no; file "null.zone.file"; };
 zone "taboo.news" { type master; notify no; file "null.zone.file"; };
+zone "techandgadgets.net" { type master; notify no; file "null.zone.file"; };
 zone "thanksyoursupport.club" { type master; notify no; file "null.zone.file"; };
 zone "the-crater.xyz" { type master; notify no; file "null.zone.file"; };
 zone "the-sky.xyz" { type master; notify no; file "null.zone.file"; };
@@ -341,7 +342,6 @@ zone "topdating.online" { type master; notify no; file "null.zone.file"; };
 zone "tracking-landers.xyz" { type master; notify no; file "null.zone.file"; };
 zone "trotineo.fr" { type master; notify no; file "null.zone.file"; };
 zone "truecompassion.net" { type master; notify no; file "null.zone.file"; };
-zone "updatefix.xyz" { type master; notify no; file "null.zone.file"; };
 zone "updateview.tech" { type master; notify no; file "null.zone.file"; };
 zone "upplaysite.xyz" { type master; notify no; file "null.zone.file"; };
 zone "usforeclosure.net" { type master; notify no; file "null.zone.file"; };
@@ -359,7 +359,6 @@ zone "videomixace.ru" { type master; notify no; file "null.zone.file"; };
 zone "videomixact.ru" { type master; notify no; file "null.zone.file"; };
 zone "videovoiceable.ru" { type master; notify no; file "null.zone.file"; };
 zone "videovoiceace.ru" { type master; notify no; file "null.zone.file"; };
-zone "viralsharks.net" { type master; notify no; file "null.zone.file"; };
 zone "vpn-pro.club" { type master; notify no; file "null.zone.file"; };
 zone "wallda.site" { type master; notify no; file "null.zone.file"; };
 zone "web-security.ml" { type master; notify no; file "null.zone.file"; };

dist/pup-filter-dnscrypt-blocked-names.txt

@@ -1,6 +1,6 @@
 # Title: PUP Names Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 2021travel.net
 abcscience.xyz
 aikoo.club
+amobil.online
 android-browser.live
 android-web.live
 aphicus.xyz
@@ -21,6 +22,7 @@ be-5hdo32xes-ok.live
 be-n9lnns3n-ok.live
 be-us-cars-for-seniors-ok.live
 be-us-exercise-bikes-ok.live
+beautinow.nl
 beinspired.global
 benefiio.org
 bkk755.biz
@@ -50,13 +52,12 @@ chipovysta.pro
 claimrewards.rest
 clickon.buzz
 coatofarms.nyc
+conndickens.icu
 connecttheupgradingurls.work
 consumerprotectioncybersecurity.org
 contentamigo.ru
 contentarea.ru
-cooltech.blog
 country-news.live
-craftstash.us
 crazyprize.buzz
 credit-monitoring-360.xyz
 crowdweightyellow.top
@@ -89,6 +90,7 @@ enjoyasky.xyz
 enjoyastar.xyz
 enjoyavolcano.xyz
 euronordvpn.com
+expatriates.pk
 exploreshops.net
 fastfactsonline.co
 fastspinc.xyz
@@ -111,7 +113,6 @@ gladmstreet.xyz
 global-track.space
 golddellifewonder.rest
 gonesteeldouble.top
-grandencryptions.me
 grantaidauthority.site
 healthfactor.io
 healthnfitness.site
@@ -138,7 +139,6 @@ installprecisehighlythefile.vip
 installprogressiveintenselythefile.vip
 installstronghighlythefile.vip
 intelectaction.ru
-investinfo.net
 ipaint.us
 ironprovpn.me
 jojomamanbebe.ie
@@ -169,7 +169,6 @@ koalawinterb.xyz
 koalawinterc.xyz
 koalawinterd.xyz
 koalawintere.xyz
-kompsos.uk
 lackystack.net
 link4updatingcentral.work
 listenthisso.top
@@ -178,7 +177,7 @@ louisvillegigs.net
 loveorfun.cc
 lubbockeda.org
 luckyworldwideprizerandom.rest
-marketloans.net
+makingbettermoney.co
 mazestation.games
 media-cloud.ru
 mediaadvanced.ru
@@ -261,6 +260,7 @@ press-news-for.me
 prize-messsages.casa
 producthunter.club
 profitablesurvey.site
+profitedsurvey.site
 profitsurvey.live
 promotionclaim.rest
 protect-ios.com
@@ -288,7 +288,6 @@ sergey-tracks.xyz
 shopin.nyc
 shopnsave.world
 smartideas.pro
-smartuv.shop
 software-dealz.de
 sonic-ocean.xyz
 sonic-plains.xyz
@@ -301,6 +300,7 @@ sonicacrater.xyz
 spotmapd.xyz
 spotmapf.xyz
 spotplanetc.xyz
+stickr.co
 storeuberspeedythefile.vip
 streamdevelopedintenselythefile.vip
 streamintenselyrefinedthefile.vip
@@ -317,6 +317,7 @@ syncrecentintenselythefile.vip
 syssysupdate.top
 systemupdateme.solutions
 taboo.news
+techandgadgets.net
 thanksyoursupport.club
 the-crater.xyz
 the-sky.xyz
@@ -341,7 +342,6 @@ topdating.online
 tracking-landers.xyz
 trotineo.fr
 truecompassion.net
-updatefix.xyz
 updateview.tech
 upplaysite.xyz
 usforeclosure.net
@@ -359,7 +359,6 @@ videomixace.ru
 videomixact.ru
 videovoiceable.ru
 videovoiceace.ru
-viralsharks.net
 vpn-pro.club
 wallda.site
 web-security.ml

dist/pup-filter-dnsmasq.conf

@@ -1,6 +1,6 @@
 # Title: PUP Domains dnsmasq Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 address=/2021travel.net/0.0.0.0
 address=/abcscience.xyz/0.0.0.0
 address=/aikoo.club/0.0.0.0
+address=/amobil.online/0.0.0.0
 address=/android-browser.live/0.0.0.0
 address=/android-web.live/0.0.0.0
 address=/aphicus.xyz/0.0.0.0
@@ -21,6 +22,7 @@ address=/be-5hdo32xes-ok.live/0.0.0.0
 address=/be-n9lnns3n-ok.live/0.0.0.0
 address=/be-us-cars-for-seniors-ok.live/0.0.0.0
 address=/be-us-exercise-bikes-ok.live/0.0.0.0
+address=/beautinow.nl/0.0.0.0
 address=/beinspired.global/0.0.0.0
 address=/benefiio.org/0.0.0.0
 address=/bkk755.biz/0.0.0.0
@@ -50,13 +52,12 @@ address=/chipovysta.pro/0.0.0.0
 address=/claimrewards.rest/0.0.0.0
 address=/clickon.buzz/0.0.0.0
 address=/coatofarms.nyc/0.0.0.0
+address=/conndickens.icu/0.0.0.0
 address=/connecttheupgradingurls.work/0.0.0.0
 address=/consumerprotectioncybersecurity.org/0.0.0.0
 address=/contentamigo.ru/0.0.0.0
 address=/contentarea.ru/0.0.0.0
-address=/cooltech.blog/0.0.0.0
 address=/country-news.live/0.0.0.0
-address=/craftstash.us/0.0.0.0
 address=/crazyprize.buzz/0.0.0.0
 address=/credit-monitoring-360.xyz/0.0.0.0
 address=/crowdweightyellow.top/0.0.0.0
@@ -89,6 +90,7 @@ address=/enjoyasky.xyz/0.0.0.0
 address=/enjoyastar.xyz/0.0.0.0
 address=/enjoyavolcano.xyz/0.0.0.0
 address=/euronordvpn.com/0.0.0.0
+address=/expatriates.pk/0.0.0.0
 address=/exploreshops.net/0.0.0.0
 address=/fastfactsonline.co/0.0.0.0
 address=/fastspinc.xyz/0.0.0.0
@@ -111,7 +113,6 @@ address=/gladmstreet.xyz/0.0.0.0
 address=/global-track.space/0.0.0.0
 address=/golddellifewonder.rest/0.0.0.0
 address=/gonesteeldouble.top/0.0.0.0
-address=/grandencryptions.me/0.0.0.0
 address=/grantaidauthority.site/0.0.0.0
 address=/healthfactor.io/0.0.0.0
 address=/healthnfitness.site/0.0.0.0
@@ -138,7 +139,6 @@ address=/installprecisehighlythefile.vip/0.0.0.0
 address=/installprogressiveintenselythefile.vip/0.0.0.0
 address=/installstronghighlythefile.vip/0.0.0.0
 address=/intelectaction.ru/0.0.0.0
-address=/investinfo.net/0.0.0.0
 address=/ipaint.us/0.0.0.0
 address=/ironprovpn.me/0.0.0.0
 address=/jojomamanbebe.ie/0.0.0.0
@@ -169,7 +169,6 @@ address=/koalawinterb.xyz/0.0.0.0
 address=/koalawinterc.xyz/0.0.0.0
 address=/koalawinterd.xyz/0.0.0.0
 address=/koalawintere.xyz/0.0.0.0
-address=/kompsos.uk/0.0.0.0
 address=/lackystack.net/0.0.0.0
 address=/link4updatingcentral.work/0.0.0.0
 address=/listenthisso.top/0.0.0.0
@@ -178,7 +177,7 @@ address=/louisvillegigs.net/0.0.0.0
 address=/loveorfun.cc/0.0.0.0
 address=/lubbockeda.org/0.0.0.0
 address=/luckyworldwideprizerandom.rest/0.0.0.0
-address=/marketloans.net/0.0.0.0
+address=/makingbettermoney.co/0.0.0.0
 address=/mazestation.games/0.0.0.0
 address=/media-cloud.ru/0.0.0.0
 address=/mediaadvanced.ru/0.0.0.0
@@ -261,6 +260,7 @@ address=/press-news-for.me/0.0.0.0
 address=/prize-messsages.casa/0.0.0.0
 address=/producthunter.club/0.0.0.0
 address=/profitablesurvey.site/0.0.0.0
+address=/profitedsurvey.site/0.0.0.0
 address=/profitsurvey.live/0.0.0.0
 address=/promotionclaim.rest/0.0.0.0
 address=/protect-ios.com/0.0.0.0
@@ -288,7 +288,6 @@ address=/sergey-tracks.xyz/0.0.0.0
 address=/shopin.nyc/0.0.0.0
 address=/shopnsave.world/0.0.0.0
 address=/smartideas.pro/0.0.0.0
-address=/smartuv.shop/0.0.0.0
 address=/software-dealz.de/0.0.0.0
 address=/sonic-ocean.xyz/0.0.0.0
 address=/sonic-plains.xyz/0.0.0.0
@@ -301,6 +300,7 @@ address=/sonicacrater.xyz/0.0.0.0
 address=/spotmapd.xyz/0.0.0.0
 address=/spotmapf.xyz/0.0.0.0
 address=/spotplanetc.xyz/0.0.0.0
+address=/stickr.co/0.0.0.0
 address=/storeuberspeedythefile.vip/0.0.0.0
 address=/streamdevelopedintenselythefile.vip/0.0.0.0
 address=/streamintenselyrefinedthefile.vip/0.0.0.0
@@ -317,6 +317,7 @@ address=/syncrecentintenselythefile.vip/0.0.0.0
 address=/syssysupdate.top/0.0.0.0
 address=/systemupdateme.solutions/0.0.0.0
 address=/taboo.news/0.0.0.0
+address=/techandgadgets.net/0.0.0.0
 address=/thanksyoursupport.club/0.0.0.0
 address=/the-crater.xyz/0.0.0.0
 address=/the-sky.xyz/0.0.0.0
@@ -341,7 +342,6 @@ address=/topdating.online/0.0.0.0
 address=/tracking-landers.xyz/0.0.0.0
 address=/trotineo.fr/0.0.0.0
 address=/truecompassion.net/0.0.0.0
-address=/updatefix.xyz/0.0.0.0
 address=/updateview.tech/0.0.0.0
 address=/upplaysite.xyz/0.0.0.0
 address=/usforeclosure.net/0.0.0.0
@@ -359,7 +359,6 @@ address=/videomixace.ru/0.0.0.0
 address=/videomixact.ru/0.0.0.0
 address=/videovoiceable.ru/0.0.0.0
 address=/videovoiceace.ru/0.0.0.0
-address=/viralsharks.net/0.0.0.0
 address=/vpn-pro.club/0.0.0.0
 address=/wallda.site/0.0.0.0
 address=/web-security.ml/0.0.0.0

dist/pup-filter-domains.txt

@@ -1,6 +1,6 @@
 # Title: PUP Domains Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 2021travel.net
 abcscience.xyz
 aikoo.club
+amobil.online
 android-browser.live
 android-web.live
 aphicus.xyz
@@ -21,6 +22,7 @@ be-5hdo32xes-ok.live
 be-n9lnns3n-ok.live
 be-us-cars-for-seniors-ok.live
 be-us-exercise-bikes-ok.live
+beautinow.nl
 beinspired.global
 benefiio.org
 bkk755.biz
@@ -50,13 +52,12 @@ chipovysta.pro
 claimrewards.rest
 clickon.buzz
 coatofarms.nyc
+conndickens.icu
 connecttheupgradingurls.work
 consumerprotectioncybersecurity.org
 contentamigo.ru
 contentarea.ru
-cooltech.blog
 country-news.live
-craftstash.us
 crazyprize.buzz
 credit-monitoring-360.xyz
 crowdweightyellow.top
@@ -89,6 +90,7 @@ enjoyasky.xyz
 enjoyastar.xyz
 enjoyavolcano.xyz
 euronordvpn.com
+expatriates.pk
 exploreshops.net
 fastfactsonline.co
 fastspinc.xyz
@@ -111,7 +113,6 @@ gladmstreet.xyz
 global-track.space
 golddellifewonder.rest
 gonesteeldouble.top
-grandencryptions.me
 grantaidauthority.site
 healthfactor.io
 healthnfitness.site
@@ -138,7 +139,6 @@ installprecisehighlythefile.vip
 installprogressiveintenselythefile.vip
 installstronghighlythefile.vip
 intelectaction.ru
-investinfo.net
 ipaint.us
 ironprovpn.me
 jojomamanbebe.ie
@@ -169,7 +169,6 @@ koalawinterb.xyz
 koalawinterc.xyz
 koalawinterd.xyz
 koalawintere.xyz
-kompsos.uk
 lackystack.net
 link4updatingcentral.work
 listenthisso.top
@@ -178,7 +177,7 @@ louisvillegigs.net
 loveorfun.cc
 lubbockeda.org
 luckyworldwideprizerandom.rest
-marketloans.net
+makingbettermoney.co
 mazestation.games
 media-cloud.ru
 mediaadvanced.ru
@@ -261,6 +260,7 @@ press-news-for.me
 prize-messsages.casa
 producthunter.club
 profitablesurvey.site
+profitedsurvey.site
 profitsurvey.live
 promotionclaim.rest
 protect-ios.com
@@ -288,7 +288,6 @@ sergey-tracks.xyz
 shopin.nyc
 shopnsave.world
 smartideas.pro
-smartuv.shop
 software-dealz.de
 sonic-ocean.xyz
 sonic-plains.xyz
@@ -301,6 +300,7 @@ sonicacrater.xyz
 spotmapd.xyz
 spotmapf.xyz
 spotplanetc.xyz
+stickr.co
 storeuberspeedythefile.vip
 streamdevelopedintenselythefile.vip
 streamintenselyrefinedthefile.vip
@@ -317,6 +317,7 @@ syncrecentintenselythefile.vip
 syssysupdate.top
 systemupdateme.solutions
 taboo.news
+techandgadgets.net
 thanksyoursupport.club
 the-crater.xyz
 the-sky.xyz
@@ -341,7 +342,6 @@ topdating.online
 tracking-landers.xyz
 trotineo.fr
 truecompassion.net
-updatefix.xyz
 updateview.tech
 upplaysite.xyz
 usforeclosure.net
@@ -359,7 +359,6 @@ videomixace.ru
 videomixact.ru
 videovoiceable.ru
 videovoiceace.ru
-viralsharks.net
 vpn-pro.club
 wallda.site
 web-security.ml

dist/pup-filter-hosts.txt

@@ -1,6 +1,6 @@
 # Title: PUP Hosts Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 0.0.0.0 2021travel.net
 0.0.0.0 abcscience.xyz
 0.0.0.0 aikoo.club
+0.0.0.0 amobil.online
 0.0.0.0 android-browser.live
 0.0.0.0 android-web.live
 0.0.0.0 aphicus.xyz
@@ -21,6 +22,7 @@
 0.0.0.0 be-n9lnns3n-ok.live
 0.0.0.0 be-us-cars-for-seniors-ok.live
 0.0.0.0 be-us-exercise-bikes-ok.live
+0.0.0.0 beautinow.nl
 0.0.0.0 beinspired.global
 0.0.0.0 benefiio.org
 0.0.0.0 bkk755.biz
@@ -50,13 +52,12 @@
 0.0.0.0 claimrewards.rest
 0.0.0.0 clickon.buzz
 0.0.0.0 coatofarms.nyc
+0.0.0.0 conndickens.icu
 0.0.0.0 connecttheupgradingurls.work
 0.0.0.0 consumerprotectioncybersecurity.org
 0.0.0.0 contentamigo.ru
 0.0.0.0 contentarea.ru
-0.0.0.0 cooltech.blog
 0.0.0.0 country-news.live
-0.0.0.0 craftstash.us
 0.0.0.0 crazyprize.buzz
 0.0.0.0 credit-monitoring-360.xyz
 0.0.0.0 crowdweightyellow.top
@@ -89,6 +90,7 @@
 0.0.0.0 enjoyastar.xyz
 0.0.0.0 enjoyavolcano.xyz
 0.0.0.0 euronordvpn.com
+0.0.0.0 expatriates.pk
 0.0.0.0 exploreshops.net
 0.0.0.0 fastfactsonline.co
 0.0.0.0 fastspinc.xyz
@@ -111,7 +113,6 @@
 0.0.0.0 global-track.space
 0.0.0.0 golddellifewonder.rest
 0.0.0.0 gonesteeldouble.top
-0.0.0.0 grandencryptions.me
 0.0.0.0 grantaidauthority.site
 0.0.0.0 healthfactor.io
 0.0.0.0 healthnfitness.site
@@ -138,7 +139,6 @@
 0.0.0.0 installprogressiveintenselythefile.vip
 0.0.0.0 installstronghighlythefile.vip
 0.0.0.0 intelectaction.ru
-0.0.0.0 investinfo.net
 0.0.0.0 ipaint.us
 0.0.0.0 ironprovpn.me
 0.0.0.0 jojomamanbebe.ie
@@ -169,7 +169,6 @@
 0.0.0.0 koalawinterc.xyz
 0.0.0.0 koalawinterd.xyz
 0.0.0.0 koalawintere.xyz
-0.0.0.0 kompsos.uk
 0.0.0.0 lackystack.net
 0.0.0.0 link4updatingcentral.work
 0.0.0.0 listenthisso.top
@@ -178,7 +177,7 @@
 0.0.0.0 loveorfun.cc
 0.0.0.0 lubbockeda.org
 0.0.0.0 luckyworldwideprizerandom.rest
-0.0.0.0 marketloans.net
+0.0.0.0 makingbettermoney.co
 0.0.0.0 mazestation.games
 0.0.0.0 media-cloud.ru
 0.0.0.0 mediaadvanced.ru
@@ -261,6 +260,7 @@
 0.0.0.0 prize-messsages.casa
 0.0.0.0 producthunter.club
 0.0.0.0 profitablesurvey.site
+0.0.0.0 profitedsurvey.site
 0.0.0.0 profitsurvey.live
 0.0.0.0 promotionclaim.rest
 0.0.0.0 protect-ios.com
@@ -288,7 +288,6 @@
 0.0.0.0 shopin.nyc
 0.0.0.0 shopnsave.world
 0.0.0.0 smartideas.pro
-0.0.0.0 smartuv.shop
 0.0.0.0 software-dealz.de
 0.0.0.0 sonic-ocean.xyz
 0.0.0.0 sonic-plains.xyz
@@ -301,6 +300,7 @@
 0.0.0.0 spotmapd.xyz
 0.0.0.0 spotmapf.xyz
 0.0.0.0 spotplanetc.xyz
+0.0.0.0 stickr.co
 0.0.0.0 storeuberspeedythefile.vip
 0.0.0.0 streamdevelopedintenselythefile.vip
 0.0.0.0 streamintenselyrefinedthefile.vip
@@ -317,6 +317,7 @@
 0.0.0.0 syssysupdate.top
 0.0.0.0 systemupdateme.solutions
 0.0.0.0 taboo.news
+0.0.0.0 techandgadgets.net
 0.0.0.0 thanksyoursupport.club
 0.0.0.0 the-crater.xyz
 0.0.0.0 the-sky.xyz
@@ -341,7 +342,6 @@
 0.0.0.0 tracking-landers.xyz
 0.0.0.0 trotineo.fr
 0.0.0.0 truecompassion.net
-0.0.0.0 updatefix.xyz
 0.0.0.0 updateview.tech
 0.0.0.0 upplaysite.xyz
 0.0.0.0 usforeclosure.net
@@ -359,7 +359,6 @@
 0.0.0.0 videomixact.ru
 0.0.0.0 videovoiceable.ru
 0.0.0.0 videovoiceace.ru
-0.0.0.0 viralsharks.net
 0.0.0.0 vpn-pro.club
 0.0.0.0 wallda.site
 0.0.0.0 web-security.ml

dist/pup-filter-rpz.conf

@@ -1,18 +1,19 @@
 ; Title: PUP Domains RPZ Blocklist
 ; Description: Block domains that host potentially unwanted programs (PUP)
-; Updated: Sat, 04 Dec 2021 12:03:10 +0000
+; Updated: Sun, 05 Dec 2021 00:02:51 +0000
 ; Expires: 1 day (update frequency)
 ; Homepage: https://gitlab.com/curben/pup-filter
 ; License: https://gitlab.com/curben/pup-filter#license
 ; Source: https://github.com/zhouhanc/malware-discoverer
 
 $TTL 30
-@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1638619390 86400 3600 604800 30
+@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1638662571 86400 3600 604800 30
  NS localhost.
 
 2021travel.net CNAME .
 abcscience.xyz CNAME .
 aikoo.club CNAME .
+amobil.online CNAME .
 android-browser.live CNAME .
 android-web.live CNAME .
 aphicus.xyz CNAME .
@@ -26,6 +27,7 @@ be-5hdo32xes-ok.live CNAME .
 be-n9lnns3n-ok.live CNAME .
 be-us-cars-for-seniors-ok.live CNAME .
 be-us-exercise-bikes-ok.live CNAME .
+beautinow.nl CNAME .
 beinspired.global CNAME .
 benefiio.org CNAME .
 bkk755.biz CNAME .
@@ -55,13 +57,12 @@ chipovysta.pro CNAME .
 claimrewards.rest CNAME .
 clickon.buzz CNAME .
 coatofarms.nyc CNAME .
+conndickens.icu CNAME .
 connecttheupgradingurls.work CNAME .
 consumerprotectioncybersecurity.org CNAME .
 contentamigo.ru CNAME .
 contentarea.ru CNAME .
-cooltech.blog CNAME .
 country-news.live CNAME .
-craftstash.us CNAME .
 crazyprize.buzz CNAME .
 credit-monitoring-360.xyz CNAME .
 crowdweightyellow.top CNAME .
@@ -94,6 +95,7 @@ enjoyasky.xyz CNAME .
 enjoyastar.xyz CNAME .
 enjoyavolcano.xyz CNAME .
 euronordvpn.com CNAME .
+expatriates.pk CNAME .
 exploreshops.net CNAME .
 fastfactsonline.co CNAME .
 fastspinc.xyz CNAME .
@@ -116,7 +118,6 @@ gladmstreet.xyz CNAME .
 global-track.space CNAME .
 golddellifewonder.rest CNAME .
 gonesteeldouble.top CNAME .
-grandencryptions.me CNAME .
 grantaidauthority.site CNAME .
 healthfactor.io CNAME .
 healthnfitness.site CNAME .
@@ -143,7 +144,6 @@ installprecisehighlythefile.vip CNAME .
 installprogressiveintenselythefile.vip CNAME .
 installstronghighlythefile.vip CNAME .
 intelectaction.ru CNAME .
-investinfo.net CNAME .
 ipaint.us CNAME .
 ironprovpn.me CNAME .
 jojomamanbebe.ie CNAME .
@@ -174,7 +174,6 @@ koalawinterb.xyz CNAME .
 koalawinterc.xyz CNAME .
 koalawinterd.xyz CNAME .
 koalawintere.xyz CNAME .
-kompsos.uk CNAME .
 lackystack.net CNAME .
 link4updatingcentral.work CNAME .
 listenthisso.top CNAME .
@@ -183,7 +182,7 @@ louisvillegigs.net CNAME .
 loveorfun.cc CNAME .
 lubbockeda.org CNAME .
 luckyworldwideprizerandom.rest CNAME .
-marketloans.net CNAME .
+makingbettermoney.co CNAME .
 mazestation.games CNAME .
 media-cloud.ru CNAME .
 mediaadvanced.ru CNAME .
@@ -266,6 +265,7 @@ press-news-for.me CNAME .
 prize-messsages.casa CNAME .
 producthunter.club CNAME .
 profitablesurvey.site CNAME .
+profitedsurvey.site CNAME .
 profitsurvey.live CNAME .
 promotionclaim.rest CNAME .
 protect-ios.com CNAME .
@@ -293,7 +293,6 @@ sergey-tracks.xyz CNAME .
 shopin.nyc CNAME .
 shopnsave.world CNAME .
 smartideas.pro CNAME .
-smartuv.shop CNAME .
 software-dealz.de CNAME .
 sonic-ocean.xyz CNAME .
 sonic-plains.xyz CNAME .
@@ -306,6 +305,7 @@ sonicacrater.xyz CNAME .
 spotmapd.xyz CNAME .
 spotmapf.xyz CNAME .
 spotplanetc.xyz CNAME .
+stickr.co CNAME .
 storeuberspeedythefile.vip CNAME .
 streamdevelopedintenselythefile.vip CNAME .
 streamintenselyrefinedthefile.vip CNAME .
@@ -322,6 +322,7 @@ syncrecentintenselythefile.vip CNAME .
 syssysupdate.top CNAME .
 systemupdateme.solutions CNAME .
 taboo.news CNAME .
+techandgadgets.net CNAME .
 thanksyoursupport.club CNAME .
 the-crater.xyz CNAME .
 the-sky.xyz CNAME .
@@ -346,7 +347,6 @@ topdating.online CNAME .
 tracking-landers.xyz CNAME .
 trotineo.fr CNAME .
 truecompassion.net CNAME .
-updatefix.xyz CNAME .
 updateview.tech CNAME .
 upplaysite.xyz CNAME .
 usforeclosure.net CNAME .
@@ -364,7 +364,6 @@ videomixace.ru CNAME .
 videomixact.ru CNAME .
 videovoiceable.ru CNAME .
 videovoiceace.ru CNAME .
-viralsharks.net CNAME .
 vpn-pro.club CNAME .
 wallda.site CNAME .
 web-security.ml CNAME .

dist/pup-filter-snort2.rules

@@ -1,6 +1,6 @@
 # Title: PUP Domains Snort2 Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,137 +8,137 @@
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"2021travel.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000001; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"abcscience.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-browser.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-web.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aphicus.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"benefiio.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"brightlifestyle.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000029; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000030; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000031; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000032; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000033; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000034; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000035; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeracoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000036; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeramountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000037; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centerastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000038; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeravolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chatverse.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkstableaupdatinglinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chipovysta.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimrewards.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"clickon.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"coatofarms.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connecttheupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cooltech.blog"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"craftstash.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crowdweightyellow.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000055; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curfiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000056; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curiositydstream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000057; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curuiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000058; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymoneysaver.money"; content:"Host"; http_header; classtype:web-application-activity; sid:300000059; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyrep.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000060; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"darkview.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000061; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dayinlife.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000062; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealsify.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000063; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"discoveryfeed.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000064; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dutycalls.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000065; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"efladn.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000066; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"elpelades.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000067; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000068; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000069; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000070; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000071; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000072; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyacoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyasky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"euronordvpn.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"exploreshops.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastfactsonline.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspinc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspinf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastwebb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findaupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"finditquick.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fireapps.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"foundnow.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funanime.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funny-media.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gamerdigest.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gettheraiceheadreliefhat.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getvideoabc.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getvideoall.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grantaidauthority.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthfactor.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthnfitness.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpages.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"huge2upgradescentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"humansystemsecurity.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"iiuss.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiategreatlyfreethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiategreatlyrecentthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateprogressivecompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiaterecentgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatesophisticatedcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateswiftcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000125; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installcurrentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000126; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installhighlyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000127; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installintenselyoriginalthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000128; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000129; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installprecisehighlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000130; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installprogressiveintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000131; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installstronghighlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000132; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"intelectaction.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000133; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"investinfo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000134; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"amobil.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-browser.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-web.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aphicus.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beautinow.nl"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"benefiio.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"brightlifestyle.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000029; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000030; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000031; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000032; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000033; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000034; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000035; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000036; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000037; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeracoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000038; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeramountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centerastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeravolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chatverse.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkstableaupdatinglinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chipovysta.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimrewards.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"clickon.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"coatofarms.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"conndickens.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connecttheupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000055; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crowdweightyellow.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000056; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curfiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000057; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curiositydstream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000058; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curuiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000059; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymoneysaver.money"; content:"Host"; http_header; classtype:web-application-activity; sid:300000060; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyrep.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000061; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"darkview.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000062; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dayinlife.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000063; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealsify.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000064; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"discoveryfeed.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000065; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dutycalls.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000066; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"efladn.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000067; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"elpelades.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000068; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000069; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000070; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000071; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000072; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyacoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyasky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"euronordvpn.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"expatriates.pk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"exploreshops.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastfactsonline.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspinc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspinf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastwebb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findaupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"finditquick.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fireapps.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"foundnow.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funanime.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funny-media.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gamerdigest.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gettheraiceheadreliefhat.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getvideoabc.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getvideoall.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grantaidauthority.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthfactor.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthnfitness.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpages.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"huge2upgradescentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"humansystemsecurity.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"iiuss.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiategreatlyfreethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiategreatlyrecentthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateprogressivecompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiaterecentgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatesophisticatedcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateswiftcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000126; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installcurrentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000127; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installhighlyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000128; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installintenselyoriginalthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000129; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000130; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installprecisehighlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000131; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installprogressiveintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000132; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installstronghighlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000133; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"intelectaction.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000134; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ipaint.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000135; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000136; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jojomamanbebe.ie"; content:"Host"; http_header; classtype:web-application-activity; sid:300000137; rev:1;)
@@ -169,98 +169,98 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000162; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000163; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000164; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"kompsos.uk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000165; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lackystack.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000166; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"link4updatingcentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000167; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"listenthisso.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000168; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lltrsknoob.click"; content:"Host"; http_header; classtype:web-application-activity; sid:300000169; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"louisvillegigs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000170; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loveorfun.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000171; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000172; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckyworldwideprizerandom.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000173; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketloans.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mazestation.games"; content:"Host"; http_header; classtype:web-application-activity; sid:300000175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"media-cloud.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaadvanced.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mistvideo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobyfox.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mybesthealthplan.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsinformer.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"paint-lion-history-loud.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"people-around.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performrefinedoverlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"peterhahn.be"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"phonesecuritymagic.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"premium-news-for.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"press-news-for.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"producthunter.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitablesurvey.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lackystack.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000165; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"link4updatingcentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000166; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"listenthisso.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000167; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lltrsknoob.click"; content:"Host"; http_header; classtype:web-application-activity; sid:300000168; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"louisvillegigs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000169; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loveorfun.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000170; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000171; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckyworldwideprizerandom.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000172; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"makingbettermoney.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000173; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mazestation.games"; content:"Host"; http_header; classtype:web-application-activity; sid:300000174; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"media-cloud.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000175; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaadvanced.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000176; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000177; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mistvideo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000178; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000179; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000180; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobyfox.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mybesthealthplan.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsinformer.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"paint-lion-history-loud.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"people-around.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performrefinedoverlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"peterhahn.be"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"phonesecuritymagic.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"premium-news-for.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"press-news-for.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"producthunter.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitablesurvey.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitedsurvey.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitsurvey.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"promotionclaim.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-ios.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
@@ -288,19 +288,19 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartuv.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"software-dealz.de"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonicaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonicacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"software-dealz.de"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonicaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonicacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeuberspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
@@ -317,31 +317,31 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syssysupdate.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"taboo.news"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thanksyoursupport.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedealexpert.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theirproviderock.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timefornews.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"top-offers2.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"topdating.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tracking-landers.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trotineo.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"truecompassion.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatefix.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"techandgadgets.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thanksyoursupport.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedealexpert.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theirproviderock.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timefornews.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"top-offers2.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"topdating.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tracking-landers.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trotineo.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"truecompassion.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updateview.tech"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplaysite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usforeclosure.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
@@ -359,26 +359,25 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videomixact.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videovoiceable.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videovoiceace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"viralsharks.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn-pro.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallda.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-security.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000358; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000359; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000360; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000361; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000362; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000363; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000364; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000365; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westamountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000366; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000367; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000368; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westasea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000369; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000370; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldtechguide.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000371; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000372; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"your-magazine.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000373; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000374; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000375; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zalando-prive.es"; content:"Host"; http_header; classtype:web-application-activity; sid:300000376; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zeusmedia.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000377; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn-pro.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallda.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-security.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000358; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000359; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000360; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000361; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000362; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000363; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000364; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westamountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000365; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000366; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000367; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westasea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000368; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000369; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldtechguide.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000370; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000371; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"your-magazine.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000372; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000373; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000374; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zalando-prive.es"; content:"Host"; http_header; classtype:web-application-activity; sid:300000375; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zeusmedia.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000376; rev:1;)

dist/pup-filter-snort3.rules

@@ -1,6 +1,6 @@
 # Title: PUP Domains Snort3 Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,137 +8,137 @@
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"2021travel.net",nocase; classtype:web-application-activity; sid:300000001; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"abcscience.xyz",nocase; classtype:web-application-activity; sid:300000002; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-browser.live",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-web.live",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aphicus.xyz",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"benefiio.org",nocase; classtype:web-application-activity; sid:300000018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"brightlifestyle.org",nocase; classtype:web-application-activity; sid:300000025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-planet.xyz",nocase; classtype:web-application-activity; sid:300000027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1crater.xyz",nocase; classtype:web-application-activity; sid:300000028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1plains.xyz",nocase; classtype:web-application-activity; sid:300000029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1sky.xyz",nocase; classtype:web-application-activity; sid:300000030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1star.xyz",nocase; classtype:web-application-activity; sid:300000031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7mountain.xyz",nocase; classtype:web-application-activity; sid:300000032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7ocean.xyz",nocase; classtype:web-application-activity; sid:300000033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7planet.xyz",nocase; classtype:web-application-activity; sid:300000034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7sky.xyz",nocase; classtype:web-application-activity; sid:300000035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeracoast.xyz",nocase; classtype:web-application-activity; sid:300000036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeramountain.xyz",nocase; classtype:web-application-activity; sid:300000037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centerastar.xyz",nocase; classtype:web-application-activity; sid:300000038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeravolcano.xyz",nocase; classtype:web-application-activity; sid:300000039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chatverse.net",nocase; classtype:web-application-activity; sid:300000040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"checkstableaupdatinglinks.work",nocase; classtype:web-application-activity; sid:300000041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chipovysta.pro",nocase; classtype:web-application-activity; sid:300000042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"claimrewards.rest",nocase; classtype:web-application-activity; sid:300000043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"clickon.buzz",nocase; classtype:web-application-activity; sid:300000044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"coatofarms.nyc",nocase; classtype:web-application-activity; sid:300000045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connecttheupgradingurls.work",nocase; classtype:web-application-activity; sid:300000046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cooltech.blog",nocase; classtype:web-application-activity; sid:300000050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"craftstash.us",nocase; classtype:web-application-activity; sid:300000052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crowdweightyellow.top",nocase; classtype:web-application-activity; sid:300000055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curfiositystream.com",nocase; classtype:web-application-activity; sid:300000056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curiositydstream.com",nocase; classtype:web-application-activity; sid:300000057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curuiositystream.com",nocase; classtype:web-application-activity; sid:300000058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymoneysaver.money",nocase; classtype:web-application-activity; sid:300000059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyrep.net",nocase; classtype:web-application-activity; sid:300000060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"darkview.org",nocase; classtype:web-application-activity; sid:300000061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dayinlife.net",nocase; classtype:web-application-activity; sid:300000062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealsify.net",nocase; classtype:web-application-activity; sid:300000063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"discoveryfeed.org",nocase; classtype:web-application-activity; sid:300000064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dutycalls.shop",nocase; classtype:web-application-activity; sid:300000065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"efladn.club",nocase; classtype:web-application-activity; sid:300000066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"elpelades.club",nocase; classtype:web-application-activity; sid:300000067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-asteroid.xyz",nocase; classtype:web-application-activity; sid:300000068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-coast.xyz",nocase; classtype:web-application-activity; sid:300000069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-sea.xyz",nocase; classtype:web-application-activity; sid:300000070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-star.xyz",nocase; classtype:web-application-activity; sid:300000071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1mountain.xyz",nocase; classtype:web-application-activity; sid:300000072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1ocean.xyz",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1volcano.xyz",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7asteroid.xyz",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7crater.xyz",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7mountain.xyz",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyacoast.xyz",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyacrater.xyz",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyaocean.xyz",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyasky.xyz",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyastar.xyz",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyavolcano.xyz",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"euronordvpn.com",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"exploreshops.net",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastfactsonline.co",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspinc.xyz",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspinf.xyz",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastwebb.xyz",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findaupgradingurls.work",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"finditquick.online",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fireapps.cloud",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"foundnow.net",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funanime.me",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funny-media.ru",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gamerdigest.org",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gettheraiceheadreliefhat.io",nocase; classtype:web-application-activity; sid:300000099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getvideoabc.ru",nocase; classtype:web-application-activity; sid:300000100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getvideoall.ru",nocase; classtype:web-application-activity; sid:300000101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grantaidauthority.site",nocase; classtype:web-application-activity; sid:300000108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthfactor.io",nocase; classtype:web-application-activity; sid:300000109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthnfitness.site",nocase; classtype:web-application-activity; sid:300000110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hpages.net",nocase; classtype:web-application-activity; sid:300000113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"huge2upgradescentral.work",nocase; classtype:web-application-activity; sid:300000114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"humansystemsecurity.top",nocase; classtype:web-application-activity; sid:300000115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"iiuss.biz",nocase; classtype:web-application-activity; sid:300000116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiategreatlyfreethefile.vip",nocase; classtype:web-application-activity; sid:300000120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiategreatlyrecentthefile.vip",nocase; classtype:web-application-activity; sid:300000121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateprogressivecompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiaterecentgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatesophisticatedcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateswiftcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installcurrentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installhighlyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installintenselyoriginalthefile.vip",nocase; classtype:web-application-activity; sid:300000128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installprecisehighlythefile.vip",nocase; classtype:web-application-activity; sid:300000130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installprogressiveintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installstronghighlythefile.vip",nocase; classtype:web-application-activity; sid:300000132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"intelectaction.ru",nocase; classtype:web-application-activity; sid:300000133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"investinfo.net",nocase; classtype:web-application-activity; sid:300000134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"amobil.online",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-browser.live",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-web.live",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aphicus.xyz",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beautinow.nl",nocase; classtype:web-application-activity; sid:300000018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"benefiio.org",nocase; classtype:web-application-activity; sid:300000020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"brightlifestyle.org",nocase; classtype:web-application-activity; sid:300000027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-planet.xyz",nocase; classtype:web-application-activity; sid:300000029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1crater.xyz",nocase; classtype:web-application-activity; sid:300000030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1plains.xyz",nocase; classtype:web-application-activity; sid:300000031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1sky.xyz",nocase; classtype:web-application-activity; sid:300000032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1star.xyz",nocase; classtype:web-application-activity; sid:300000033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7mountain.xyz",nocase; classtype:web-application-activity; sid:300000034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7ocean.xyz",nocase; classtype:web-application-activity; sid:300000035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7planet.xyz",nocase; classtype:web-application-activity; sid:300000036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7sky.xyz",nocase; classtype:web-application-activity; sid:300000037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeracoast.xyz",nocase; classtype:web-application-activity; sid:300000038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeramountain.xyz",nocase; classtype:web-application-activity; sid:300000039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centerastar.xyz",nocase; classtype:web-application-activity; sid:300000040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeravolcano.xyz",nocase; classtype:web-application-activity; sid:300000041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chatverse.net",nocase; classtype:web-application-activity; sid:300000042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"checkstableaupdatinglinks.work",nocase; classtype:web-application-activity; sid:300000043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chipovysta.pro",nocase; classtype:web-application-activity; sid:300000044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"claimrewards.rest",nocase; classtype:web-application-activity; sid:300000045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"clickon.buzz",nocase; classtype:web-application-activity; sid:300000046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"coatofarms.nyc",nocase; classtype:web-application-activity; sid:300000047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"conndickens.icu",nocase; classtype:web-application-activity; sid:300000048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connecttheupgradingurls.work",nocase; classtype:web-application-activity; sid:300000049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crowdweightyellow.top",nocase; classtype:web-application-activity; sid:300000056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curfiositystream.com",nocase; classtype:web-application-activity; sid:300000057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curiositydstream.com",nocase; classtype:web-application-activity; sid:300000058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curuiositystream.com",nocase; classtype:web-application-activity; sid:300000059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymoneysaver.money",nocase; classtype:web-application-activity; sid:300000060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyrep.net",nocase; classtype:web-application-activity; sid:300000061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"darkview.org",nocase; classtype:web-application-activity; sid:300000062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dayinlife.net",nocase; classtype:web-application-activity; sid:300000063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealsify.net",nocase; classtype:web-application-activity; sid:300000064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"discoveryfeed.org",nocase; classtype:web-application-activity; sid:300000065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dutycalls.shop",nocase; classtype:web-application-activity; sid:300000066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"efladn.club",nocase; classtype:web-application-activity; sid:300000067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"elpelades.club",nocase; classtype:web-application-activity; sid:300000068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-asteroid.xyz",nocase; classtype:web-application-activity; sid:300000069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-coast.xyz",nocase; classtype:web-application-activity; sid:300000070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-sea.xyz",nocase; classtype:web-application-activity; sid:300000071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-star.xyz",nocase; classtype:web-application-activity; sid:300000072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1mountain.xyz",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1ocean.xyz",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1volcano.xyz",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7asteroid.xyz",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7crater.xyz",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7mountain.xyz",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyacoast.xyz",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyacrater.xyz",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyaocean.xyz",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyasky.xyz",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyastar.xyz",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyavolcano.xyz",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"euronordvpn.com",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"expatriates.pk",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"exploreshops.net",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastfactsonline.co",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspinc.xyz",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspinf.xyz",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastwebb.xyz",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findaupgradingurls.work",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"finditquick.online",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fireapps.cloud",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"foundnow.net",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funanime.me",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funny-media.ru",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gamerdigest.org",nocase; classtype:web-application-activity; sid:300000099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gettheraiceheadreliefhat.io",nocase; classtype:web-application-activity; sid:300000101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getvideoabc.ru",nocase; classtype:web-application-activity; sid:300000102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getvideoall.ru",nocase; classtype:web-application-activity; sid:300000103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grantaidauthority.site",nocase; classtype:web-application-activity; sid:300000109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthfactor.io",nocase; classtype:web-application-activity; sid:300000110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthnfitness.site",nocase; classtype:web-application-activity; sid:300000111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hpages.net",nocase; classtype:web-application-activity; sid:300000114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"huge2upgradescentral.work",nocase; classtype:web-application-activity; sid:300000115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"humansystemsecurity.top",nocase; classtype:web-application-activity; sid:300000116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"iiuss.biz",nocase; classtype:web-application-activity; sid:300000117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiategreatlyfreethefile.vip",nocase; classtype:web-application-activity; sid:300000121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiategreatlyrecentthefile.vip",nocase; classtype:web-application-activity; sid:300000122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateprogressivecompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiaterecentgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatesophisticatedcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateswiftcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installcurrentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installhighlyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installintenselyoriginalthefile.vip",nocase; classtype:web-application-activity; sid:300000129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installprecisehighlythefile.vip",nocase; classtype:web-application-activity; sid:300000131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installprogressiveintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installstronghighlythefile.vip",nocase; classtype:web-application-activity; sid:300000133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"intelectaction.ru",nocase; classtype:web-application-activity; sid:300000134; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ipaint.us",nocase; classtype:web-application-activity; sid:300000135; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ironprovpn.me",nocase; classtype:web-application-activity; sid:300000136; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jojomamanbebe.ie",nocase; classtype:web-application-activity; sid:300000137; rev:1;)
@@ -169,98 +169,98 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterc.xyz",nocase; classtype:web-application-activity; sid:300000162; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterd.xyz",nocase; classtype:web-application-activity; sid:300000163; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintere.xyz",nocase; classtype:web-application-activity; sid:300000164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"kompsos.uk",nocase; classtype:web-application-activity; sid:300000165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lackystack.net",nocase; classtype:web-application-activity; sid:300000166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"link4updatingcentral.work",nocase; classtype:web-application-activity; sid:300000167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"listenthisso.top",nocase; classtype:web-application-activity; sid:300000168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lltrsknoob.click",nocase; classtype:web-application-activity; sid:300000169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"louisvillegigs.net",nocase; classtype:web-application-activity; sid:300000170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loveorfun.cc",nocase; classtype:web-application-activity; sid:300000171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckyworldwideprizerandom.rest",nocase; classtype:web-application-activity; sid:300000173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"marketloans.net",nocase; classtype:web-application-activity; sid:300000174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mazestation.games",nocase; classtype:web-application-activity; sid:300000175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"media-cloud.ru",nocase; classtype:web-application-activity; sid:300000176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaadvanced.ru",nocase; classtype:web-application-activity; sid:300000177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mistvideo.ru",nocase; classtype:web-application-activity; sid:300000179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1crater.xyz",nocase; classtype:web-application-activity; sid:300000180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1mountain.xyz",nocase; classtype:web-application-activity; sid:300000181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1planet.xyz",nocase; classtype:web-application-activity; sid:300000182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sea.xyz",nocase; classtype:web-application-activity; sid:300000183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sky.xyz",nocase; classtype:web-application-activity; sid:300000184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7volcano.xyz",nocase; classtype:web-application-activity; sid:300000185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiacrater.xyz",nocase; classtype:web-application-activity; sid:300000186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaocean.xyz",nocase; classtype:web-application-activity; sid:300000187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaplanet.xyz",nocase; classtype:web-application-activity; sid:300000188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiastar.xyz",nocase; classtype:web-application-activity; sid:300000189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiavolcano.xyz",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobyfox.shop",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mybesthealthplan.org",nocase; classtype:web-application-activity; sid:300000192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsinformer.net",nocase; classtype:web-application-activity; sid:300000194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"paint-lion-history-loud.xyz",nocase; classtype:web-application-activity; sid:300000197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumna.xyz",nocase; classtype:web-application-activity; sid:300000198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringa.xyz",nocase; classtype:web-application-activity; sid:300000203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringb.xyz",nocase; classtype:web-application-activity; sid:300000204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringc.xyz",nocase; classtype:web-application-activity; sid:300000205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringd.xyz",nocase; classtype:web-application-activity; sid:300000206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringf.xyz",nocase; classtype:web-application-activity; sid:300000208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummera.xyz",nocase; classtype:web-application-activity; sid:300000209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerc.xyz",nocase; classtype:web-application-activity; sid:300000210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerd.xyz",nocase; classtype:web-application-activity; sid:300000211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummere.xyz",nocase; classtype:web-application-activity; sid:300000212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerf.xyz",nocase; classtype:web-application-activity; sid:300000213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintera.xyz",nocase; classtype:web-application-activity; sid:300000214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterb.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterf.xyz",nocase; classtype:web-application-activity; sid:300000219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"people-around.me",nocase; classtype:web-application-activity; sid:300000220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performrefinedoverlythefile.vip",nocase; classtype:web-application-activity; sid:300000223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"peterhahn.be",nocase; classtype:web-application-activity; sid:300000224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"phonesecuritymagic.top",nocase; classtype:web-application-activity; sid:300000225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringb.xyz",nocase; classtype:web-application-activity; sid:300000237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringc.xyz",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringd.xyz",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringe.xyz",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummera.xyz",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerb.xyz",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerc.xyz",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummere.xyz",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerf.xyz",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintera.xyz",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterb.xyz",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterc.xyz",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterd.xyz",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintere.xyz",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterf.xyz",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"premium-news-for.me",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"press-news-for.me",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"producthunter.club",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitablesurvey.site",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lackystack.net",nocase; classtype:web-application-activity; sid:300000165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"link4updatingcentral.work",nocase; classtype:web-application-activity; sid:300000166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"listenthisso.top",nocase; classtype:web-application-activity; sid:300000167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lltrsknoob.click",nocase; classtype:web-application-activity; sid:300000168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"louisvillegigs.net",nocase; classtype:web-application-activity; sid:300000169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loveorfun.cc",nocase; classtype:web-application-activity; sid:300000170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckyworldwideprizerandom.rest",nocase; classtype:web-application-activity; sid:300000172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"makingbettermoney.co",nocase; classtype:web-application-activity; sid:300000173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mazestation.games",nocase; classtype:web-application-activity; sid:300000174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"media-cloud.ru",nocase; classtype:web-application-activity; sid:300000175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaadvanced.ru",nocase; classtype:web-application-activity; sid:300000176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mistvideo.ru",nocase; classtype:web-application-activity; sid:300000178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1crater.xyz",nocase; classtype:web-application-activity; sid:300000179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1mountain.xyz",nocase; classtype:web-application-activity; sid:300000180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1planet.xyz",nocase; classtype:web-application-activity; sid:300000181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sea.xyz",nocase; classtype:web-application-activity; sid:300000182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sky.xyz",nocase; classtype:web-application-activity; sid:300000183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7volcano.xyz",nocase; classtype:web-application-activity; sid:300000184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiacrater.xyz",nocase; classtype:web-application-activity; sid:300000185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaocean.xyz",nocase; classtype:web-application-activity; sid:300000186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaplanet.xyz",nocase; classtype:web-application-activity; sid:300000187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiastar.xyz",nocase; classtype:web-application-activity; sid:300000188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiavolcano.xyz",nocase; classtype:web-application-activity; sid:300000189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobyfox.shop",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mybesthealthplan.org",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsinformer.net",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"paint-lion-history-loud.xyz",nocase; classtype:web-application-activity; sid:300000196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumna.xyz",nocase; classtype:web-application-activity; sid:300000197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringa.xyz",nocase; classtype:web-application-activity; sid:300000202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringb.xyz",nocase; classtype:web-application-activity; sid:300000203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringc.xyz",nocase; classtype:web-application-activity; sid:300000204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringd.xyz",nocase; classtype:web-application-activity; sid:300000205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringf.xyz",nocase; classtype:web-application-activity; sid:300000207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummera.xyz",nocase; classtype:web-application-activity; sid:300000208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerc.xyz",nocase; classtype:web-application-activity; sid:300000209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerd.xyz",nocase; classtype:web-application-activity; sid:300000210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummere.xyz",nocase; classtype:web-application-activity; sid:300000211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerf.xyz",nocase; classtype:web-application-activity; sid:300000212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintera.xyz",nocase; classtype:web-application-activity; sid:300000213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterb.xyz",nocase; classtype:web-application-activity; sid:300000214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterf.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"people-around.me",nocase; classtype:web-application-activity; sid:300000219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performrefinedoverlythefile.vip",nocase; classtype:web-application-activity; sid:300000222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"peterhahn.be",nocase; classtype:web-application-activity; sid:300000223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"phonesecuritymagic.top",nocase; classtype:web-application-activity; sid:300000224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringb.xyz",nocase; classtype:web-application-activity; sid:300000236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringc.xyz",nocase; classtype:web-application-activity; sid:300000237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringd.xyz",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringe.xyz",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummera.xyz",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerb.xyz",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerc.xyz",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummere.xyz",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerf.xyz",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintera.xyz",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterb.xyz",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterc.xyz",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterd.xyz",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintere.xyz",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterf.xyz",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"premium-news-for.me",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"press-news-for.me",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"producthunter.club",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitablesurvey.site",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitedsurvey.site",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitsurvey.live",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"promotionclaim.rest",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protect-ios.com",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
@@ -288,19 +288,19 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000282; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartuv.shop",nocase; classtype:web-application-activity; sid:300000284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"software-dealz.de",nocase; classtype:web-application-activity; sid:300000285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-ocean.xyz",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-plains.xyz",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1coast.xyz",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1ocean.xyz",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic7sea.xyz",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonicaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonicacrater.xyz",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"software-dealz.de",nocase; classtype:web-application-activity; sid:300000284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-ocean.xyz",nocase; classtype:web-application-activity; sid:300000285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-plains.xyz",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1coast.xyz",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1ocean.xyz",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic7sea.xyz",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonicaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonicacrater.xyz",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeuberspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
@@ -317,31 +317,31 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syssysupdate.top",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"taboo.news",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thanksyoursupport.club",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-crater.xyz",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-sky.xyz",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-star.xyz",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1planet.xyz",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1star.xyz",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1volcano.xyz",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7coast.xyz",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7crater.xyz",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7plains.xyz",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7volcano.xyz",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theacrater.xyz",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theastar.xyz",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theavolcano.xyz",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thedealexpert.net",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theirproviderock.top",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timefornews.online",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"top-offers2.club",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"topdating.online",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tracking-landers.xyz",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trotineo.fr",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"truecompassion.net",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatefix.xyz",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"techandgadgets.net",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thanksyoursupport.club",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-crater.xyz",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-sky.xyz",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-star.xyz",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1planet.xyz",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1star.xyz",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1volcano.xyz",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7coast.xyz",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7crater.xyz",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7plains.xyz",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7volcano.xyz",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theacrater.xyz",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theastar.xyz",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theavolcano.xyz",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thedealexpert.net",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theirproviderock.top",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timefornews.online",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"top-offers2.club",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"topdating.online",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tracking-landers.xyz",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trotineo.fr",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"truecompassion.net",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updateview.tech",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplaysite.xyz",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usforeclosure.net",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
@@ -359,26 +359,25 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videomixact.ru",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videovoiceable.ru",nocase; classtype:web-application-activity; sid:300000353; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videovoiceace.ru",nocase; classtype:web-application-activity; sid:300000354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"viralsharks.net",nocase; classtype:web-application-activity; sid:300000355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn-pro.club",nocase; classtype:web-application-activity; sid:300000356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wallda.site",nocase; classtype:web-application-activity; sid:300000357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"web-security.ml",nocase; classtype:web-application-activity; sid:300000358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1ocean.xyz",nocase; classtype:web-application-activity; sid:300000361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1plains.xyz",nocase; classtype:web-application-activity; sid:300000362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1sky.xyz",nocase; classtype:web-application-activity; sid:300000363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1star.xyz",nocase; classtype:web-application-activity; sid:300000364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westamountain.xyz",nocase; classtype:web-application-activity; sid:300000366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaocean.xyz",nocase; classtype:web-application-activity; sid:300000367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaplanet.xyz",nocase; classtype:web-application-activity; sid:300000368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westasea.xyz",nocase; classtype:web-application-activity; sid:300000369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westastar.xyz",nocase; classtype:web-application-activity; sid:300000370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldtechguide.net",nocase; classtype:web-application-activity; sid:300000371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"your-magazine.me",nocase; classtype:web-application-activity; sid:300000373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zalando-prive.es",nocase; classtype:web-application-activity; sid:300000376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zeusmedia.info",nocase; classtype:web-application-activity; sid:300000377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn-pro.club",nocase; classtype:web-application-activity; sid:300000355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wallda.site",nocase; classtype:web-application-activity; sid:300000356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"web-security.ml",nocase; classtype:web-application-activity; sid:300000357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1ocean.xyz",nocase; classtype:web-application-activity; sid:300000360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1plains.xyz",nocase; classtype:web-application-activity; sid:300000361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1sky.xyz",nocase; classtype:web-application-activity; sid:300000362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1star.xyz",nocase; classtype:web-application-activity; sid:300000363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westamountain.xyz",nocase; classtype:web-application-activity; sid:300000365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaocean.xyz",nocase; classtype:web-application-activity; sid:300000366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaplanet.xyz",nocase; classtype:web-application-activity; sid:300000367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westasea.xyz",nocase; classtype:web-application-activity; sid:300000368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westastar.xyz",nocase; classtype:web-application-activity; sid:300000369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldtechguide.net",nocase; classtype:web-application-activity; sid:300000370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"your-magazine.me",nocase; classtype:web-application-activity; sid:300000372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zalando-prive.es",nocase; classtype:web-application-activity; sid:300000375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zeusmedia.info",nocase; classtype:web-application-activity; sid:300000376; rev:1;)

dist/pup-filter-suricata.rules

@@ -1,6 +1,6 @@
 # Title: PUP Domains Suricata Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,137 +8,137 @@
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2021travel.net"; classtype:web-application-activity; sid:300000001; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abcscience.xyz"; classtype:web-application-activity; sid:300000002; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-browser.live"; classtype:web-application-activity; sid:300000004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-web.live"; classtype:web-application-activity; sid:300000005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aphicus.xyz"; classtype:web-application-activity; sid:300000006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"benefiio.org"; classtype:web-application-activity; sid:300000018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightlifestyle.org"; classtype:web-application-activity; sid:300000025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-planet.xyz"; classtype:web-application-activity; sid:300000027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1crater.xyz"; classtype:web-application-activity; sid:300000028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1plains.xyz"; classtype:web-application-activity; sid:300000029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1sky.xyz"; classtype:web-application-activity; sid:300000030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1star.xyz"; classtype:web-application-activity; sid:300000031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7mountain.xyz"; classtype:web-application-activity; sid:300000032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7ocean.xyz"; classtype:web-application-activity; sid:300000033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7planet.xyz"; classtype:web-application-activity; sid:300000034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7sky.xyz"; classtype:web-application-activity; sid:300000035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeracoast.xyz"; classtype:web-application-activity; sid:300000036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeramountain.xyz"; classtype:web-application-activity; sid:300000037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centerastar.xyz"; classtype:web-application-activity; sid:300000038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeravolcano.xyz"; classtype:web-application-activity; sid:300000039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chatverse.net"; classtype:web-application-activity; sid:300000040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkstableaupdatinglinks.work"; classtype:web-application-activity; sid:300000041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chipovysta.pro"; classtype:web-application-activity; sid:300000042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimrewards.rest"; classtype:web-application-activity; sid:300000043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clickon.buzz"; classtype:web-application-activity; sid:300000044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coatofarms.nyc"; classtype:web-application-activity; sid:300000045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connecttheupgradingurls.work"; classtype:web-application-activity; sid:300000046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cooltech.blog"; classtype:web-application-activity; sid:300000050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"craftstash.us"; classtype:web-application-activity; sid:300000052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000054; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crowdweightyellow.top"; classtype:web-application-activity; sid:300000055; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curfiositystream.com"; classtype:web-application-activity; sid:300000056; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curiositydstream.com"; classtype:web-application-activity; sid:300000057; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curuiositystream.com"; classtype:web-application-activity; sid:300000058; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymoneysaver.money"; classtype:web-application-activity; sid:300000059; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyrep.net"; classtype:web-application-activity; sid:300000060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"darkview.org"; classtype:web-application-activity; sid:300000061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dayinlife.net"; classtype:web-application-activity; sid:300000062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealsify.net"; classtype:web-application-activity; sid:300000063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discoveryfeed.org"; classtype:web-application-activity; sid:300000064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dutycalls.shop"; classtype:web-application-activity; sid:300000065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efladn.club"; classtype:web-application-activity; sid:300000066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpelades.club"; classtype:web-application-activity; sid:300000067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-asteroid.xyz"; classtype:web-application-activity; sid:300000068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-coast.xyz"; classtype:web-application-activity; sid:300000069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-sea.xyz"; classtype:web-application-activity; sid:300000070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-star.xyz"; classtype:web-application-activity; sid:300000071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1mountain.xyz"; classtype:web-application-activity; sid:300000072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1ocean.xyz"; classtype:web-application-activity; sid:300000073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1volcano.xyz"; classtype:web-application-activity; sid:300000074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7asteroid.xyz"; classtype:web-application-activity; sid:300000075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7crater.xyz"; classtype:web-application-activity; sid:300000076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7mountain.xyz"; classtype:web-application-activity; sid:300000077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyacoast.xyz"; classtype:web-application-activity; sid:300000078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyacrater.xyz"; classtype:web-application-activity; sid:300000079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyaocean.xyz"; classtype:web-application-activity; sid:300000080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyasky.xyz"; classtype:web-application-activity; sid:300000081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyastar.xyz"; classtype:web-application-activity; sid:300000082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyavolcano.xyz"; classtype:web-application-activity; sid:300000083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"euronordvpn.com"; classtype:web-application-activity; sid:300000084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exploreshops.net"; classtype:web-application-activity; sid:300000085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastfactsonline.co"; classtype:web-application-activity; sid:300000086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspinc.xyz"; classtype:web-application-activity; sid:300000087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspinf.xyz"; classtype:web-application-activity; sid:300000088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastwebb.xyz"; classtype:web-application-activity; sid:300000089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findaupgradingurls.work"; classtype:web-application-activity; sid:300000090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finditquick.online"; classtype:web-application-activity; sid:300000091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fireapps.cloud"; classtype:web-application-activity; sid:300000092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foundnow.net"; classtype:web-application-activity; sid:300000093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funanime.me"; classtype:web-application-activity; sid:300000094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funny-media.ru"; classtype:web-application-activity; sid:300000095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gamerdigest.org"; classtype:web-application-activity; sid:300000097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gettheraiceheadreliefhat.io"; classtype:web-application-activity; sid:300000099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getvideoabc.ru"; classtype:web-application-activity; sid:300000100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getvideoall.ru"; classtype:web-application-activity; sid:300000101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grantaidauthority.site"; classtype:web-application-activity; sid:300000108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthfactor.io"; classtype:web-application-activity; sid:300000109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthnfitness.site"; classtype:web-application-activity; sid:300000110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpages.net"; classtype:web-application-activity; sid:300000113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huge2upgradescentral.work"; classtype:web-application-activity; sid:300000114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"humansystemsecurity.top"; classtype:web-application-activity; sid:300000115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iiuss.biz"; classtype:web-application-activity; sid:300000116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprecisethefile.vip"; classtype:web-application-activity; sid:300000117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprogressivethefile.vip"; classtype:web-application-activity; sid:300000118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyspeedythefile.vip"; classtype:web-application-activity; sid:300000119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiategreatlyfreethefile.vip"; classtype:web-application-activity; sid:300000120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiategreatlyrecentthefile.vip"; classtype:web-application-activity; sid:300000121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateprogressivecompletelythefile.vip"; classtype:web-application-activity; sid:300000122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiaterecentgreatlythefile.vip"; classtype:web-application-activity; sid:300000123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatesophisticatedcompletelythefile.vip"; classtype:web-application-activity; sid:300000124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateswiftcompletelythefile.vip"; classtype:web-application-activity; sid:300000125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installcurrentintenselythefile.vip"; classtype:web-application-activity; sid:300000126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installhighlyrefinedthefile.vip"; classtype:web-application-activity; sid:300000127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installintenselyoriginalthefile.vip"; classtype:web-application-activity; sid:300000128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installprecisehighlythefile.vip"; classtype:web-application-activity; sid:300000130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installprogressiveintenselythefile.vip"; classtype:web-application-activity; sid:300000131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installstronghighlythefile.vip"; classtype:web-application-activity; sid:300000132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intelectaction.ru"; classtype:web-application-activity; sid:300000133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investinfo.net"; classtype:web-application-activity; sid:300000134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amobil.online"; classtype:web-application-activity; sid:300000004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-browser.live"; classtype:web-application-activity; sid:300000005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-web.live"; classtype:web-application-activity; sid:300000006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aphicus.xyz"; classtype:web-application-activity; sid:300000007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beautinow.nl"; classtype:web-application-activity; sid:300000018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"benefiio.org"; classtype:web-application-activity; sid:300000020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightlifestyle.org"; classtype:web-application-activity; sid:300000027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-planet.xyz"; classtype:web-application-activity; sid:300000029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1crater.xyz"; classtype:web-application-activity; sid:300000030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1plains.xyz"; classtype:web-application-activity; sid:300000031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1sky.xyz"; classtype:web-application-activity; sid:300000032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1star.xyz"; classtype:web-application-activity; sid:300000033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7mountain.xyz"; classtype:web-application-activity; sid:300000034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7ocean.xyz"; classtype:web-application-activity; sid:300000035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7planet.xyz"; classtype:web-application-activity; sid:300000036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7sky.xyz"; classtype:web-application-activity; sid:300000037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeracoast.xyz"; classtype:web-application-activity; sid:300000038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeramountain.xyz"; classtype:web-application-activity; sid:300000039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centerastar.xyz"; classtype:web-application-activity; sid:300000040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeravolcano.xyz"; classtype:web-application-activity; sid:300000041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chatverse.net"; classtype:web-application-activity; sid:300000042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkstableaupdatinglinks.work"; classtype:web-application-activity; sid:300000043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chipovysta.pro"; classtype:web-application-activity; sid:300000044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimrewards.rest"; classtype:web-application-activity; sid:300000045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"clickon.buzz"; classtype:web-application-activity; sid:300000046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coatofarms.nyc"; classtype:web-application-activity; sid:300000047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"conndickens.icu"; classtype:web-application-activity; sid:300000048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connecttheupgradingurls.work"; classtype:web-application-activity; sid:300000049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000055; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crowdweightyellow.top"; classtype:web-application-activity; sid:300000056; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curfiositystream.com"; classtype:web-application-activity; sid:300000057; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curiositydstream.com"; classtype:web-application-activity; sid:300000058; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curuiositystream.com"; classtype:web-application-activity; sid:300000059; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymoneysaver.money"; classtype:web-application-activity; sid:300000060; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyrep.net"; classtype:web-application-activity; sid:300000061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"darkview.org"; classtype:web-application-activity; sid:300000062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dayinlife.net"; classtype:web-application-activity; sid:300000063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealsify.net"; classtype:web-application-activity; sid:300000064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discoveryfeed.org"; classtype:web-application-activity; sid:300000065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dutycalls.shop"; classtype:web-application-activity; sid:300000066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efladn.club"; classtype:web-application-activity; sid:300000067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpelades.club"; classtype:web-application-activity; sid:300000068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-asteroid.xyz"; classtype:web-application-activity; sid:300000069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-coast.xyz"; classtype:web-application-activity; sid:300000070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-sea.xyz"; classtype:web-application-activity; sid:300000071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-star.xyz"; classtype:web-application-activity; sid:300000072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1mountain.xyz"; classtype:web-application-activity; sid:300000073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1ocean.xyz"; classtype:web-application-activity; sid:300000074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1volcano.xyz"; classtype:web-application-activity; sid:300000075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7asteroid.xyz"; classtype:web-application-activity; sid:300000076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7crater.xyz"; classtype:web-application-activity; sid:300000077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7mountain.xyz"; classtype:web-application-activity; sid:300000078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyacoast.xyz"; classtype:web-application-activity; sid:300000079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyacrater.xyz"; classtype:web-application-activity; sid:300000080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyaocean.xyz"; classtype:web-application-activity; sid:300000081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyasky.xyz"; classtype:web-application-activity; sid:300000082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyastar.xyz"; classtype:web-application-activity; sid:300000083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyavolcano.xyz"; classtype:web-application-activity; sid:300000084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"euronordvpn.com"; classtype:web-application-activity; sid:300000085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"expatriates.pk"; classtype:web-application-activity; sid:300000086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exploreshops.net"; classtype:web-application-activity; sid:300000087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastfactsonline.co"; classtype:web-application-activity; sid:300000088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspinc.xyz"; classtype:web-application-activity; sid:300000089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspinf.xyz"; classtype:web-application-activity; sid:300000090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastwebb.xyz"; classtype:web-application-activity; sid:300000091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findaupgradingurls.work"; classtype:web-application-activity; sid:300000092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finditquick.online"; classtype:web-application-activity; sid:300000093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fireapps.cloud"; classtype:web-application-activity; sid:300000094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foundnow.net"; classtype:web-application-activity; sid:300000095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funanime.me"; classtype:web-application-activity; sid:300000096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funny-media.ru"; classtype:web-application-activity; sid:300000097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gamerdigest.org"; classtype:web-application-activity; sid:300000099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gettheraiceheadreliefhat.io"; classtype:web-application-activity; sid:300000101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getvideoabc.ru"; classtype:web-application-activity; sid:300000102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getvideoall.ru"; classtype:web-application-activity; sid:300000103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grantaidauthority.site"; classtype:web-application-activity; sid:300000109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthfactor.io"; classtype:web-application-activity; sid:300000110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthnfitness.site"; classtype:web-application-activity; sid:300000111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpages.net"; classtype:web-application-activity; sid:300000114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huge2upgradescentral.work"; classtype:web-application-activity; sid:300000115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"humansystemsecurity.top"; classtype:web-application-activity; sid:300000116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iiuss.biz"; classtype:web-application-activity; sid:300000117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprecisethefile.vip"; classtype:web-application-activity; sid:300000118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprogressivethefile.vip"; classtype:web-application-activity; sid:300000119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyspeedythefile.vip"; classtype:web-application-activity; sid:300000120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiategreatlyfreethefile.vip"; classtype:web-application-activity; sid:300000121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiategreatlyrecentthefile.vip"; classtype:web-application-activity; sid:300000122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateprogressivecompletelythefile.vip"; classtype:web-application-activity; sid:300000123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiaterecentgreatlythefile.vip"; classtype:web-application-activity; sid:300000124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatesophisticatedcompletelythefile.vip"; classtype:web-application-activity; sid:300000125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateswiftcompletelythefile.vip"; classtype:web-application-activity; sid:300000126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installcurrentintenselythefile.vip"; classtype:web-application-activity; sid:300000127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installhighlyrefinedthefile.vip"; classtype:web-application-activity; sid:300000128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installintenselyoriginalthefile.vip"; classtype:web-application-activity; sid:300000129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installprecisehighlythefile.vip"; classtype:web-application-activity; sid:300000131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installprogressiveintenselythefile.vip"; classtype:web-application-activity; sid:300000132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installstronghighlythefile.vip"; classtype:web-application-activity; sid:300000133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intelectaction.ru"; classtype:web-application-activity; sid:300000134; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ipaint.us"; classtype:web-application-activity; sid:300000135; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironprovpn.me"; classtype:web-application-activity; sid:300000136; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jojomamanbebe.ie"; classtype:web-application-activity; sid:300000137; rev:1;)
@@ -169,98 +169,98 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterc.xyz"; classtype:web-application-activity; sid:300000162; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterd.xyz"; classtype:web-application-activity; sid:300000163; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintere.xyz"; classtype:web-application-activity; sid:300000164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kompsos.uk"; classtype:web-application-activity; sid:300000165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lackystack.net"; classtype:web-application-activity; sid:300000166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"link4updatingcentral.work"; classtype:web-application-activity; sid:300000167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"listenthisso.top"; classtype:web-application-activity; sid:300000168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lltrsknoob.click"; classtype:web-application-activity; sid:300000169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"louisvillegigs.net"; classtype:web-application-activity; sid:300000170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckyworldwideprizerandom.rest"; classtype:web-application-activity; sid:300000173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketloans.net"; classtype:web-application-activity; sid:300000174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mazestation.games"; classtype:web-application-activity; sid:300000175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"media-cloud.ru"; classtype:web-application-activity; sid:300000176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaadvanced.ru"; classtype:web-application-activity; sid:300000177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mistvideo.ru"; classtype:web-application-activity; sid:300000179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1crater.xyz"; classtype:web-application-activity; sid:300000180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1mountain.xyz"; classtype:web-application-activity; sid:300000181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1planet.xyz"; classtype:web-application-activity; sid:300000182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sea.xyz"; classtype:web-application-activity; sid:300000183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sky.xyz"; classtype:web-application-activity; sid:300000184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7volcano.xyz"; classtype:web-application-activity; sid:300000185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiacrater.xyz"; classtype:web-application-activity; sid:300000186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaocean.xyz"; classtype:web-application-activity; sid:300000187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaplanet.xyz"; classtype:web-application-activity; sid:300000188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiastar.xyz"; classtype:web-application-activity; sid:300000189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiavolcano.xyz"; classtype:web-application-activity; sid:300000190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobyfox.shop"; classtype:web-application-activity; sid:300000191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mybesthealthplan.org"; classtype:web-application-activity; sid:300000192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsinformer.net"; classtype:web-application-activity; sid:300000194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paint-lion-history-loud.xyz"; classtype:web-application-activity; sid:300000197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumna.xyz"; classtype:web-application-activity; sid:300000198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnb.xyz"; classtype:web-application-activity; sid:300000199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnc.xyz"; classtype:web-application-activity; sid:300000200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnd.xyz"; classtype:web-application-activity; sid:300000201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnf.xyz"; classtype:web-application-activity; sid:300000202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringa.xyz"; classtype:web-application-activity; sid:300000203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringb.xyz"; classtype:web-application-activity; sid:300000204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringc.xyz"; classtype:web-application-activity; sid:300000205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringd.xyz"; classtype:web-application-activity; sid:300000206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringf.xyz"; classtype:web-application-activity; sid:300000208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummera.xyz"; classtype:web-application-activity; sid:300000209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerc.xyz"; classtype:web-application-activity; sid:300000210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerd.xyz"; classtype:web-application-activity; sid:300000211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummere.xyz"; classtype:web-application-activity; sid:300000212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerf.xyz"; classtype:web-application-activity; sid:300000213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintera.xyz"; classtype:web-application-activity; sid:300000214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterb.xyz"; classtype:web-application-activity; sid:300000215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterf.xyz"; classtype:web-application-activity; sid:300000219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"people-around.me"; classtype:web-application-activity; sid:300000220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyspeedythefile.vip"; classtype:web-application-activity; sid:300000221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyswiftthefile.vip"; classtype:web-application-activity; sid:300000222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrefinedoverlythefile.vip"; classtype:web-application-activity; sid:300000223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peterhahn.be"; classtype:web-application-activity; sid:300000224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phonesecuritymagic.top"; classtype:web-application-activity; sid:300000225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringb.xyz"; classtype:web-application-activity; sid:300000237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringc.xyz"; classtype:web-application-activity; sid:300000238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringd.xyz"; classtype:web-application-activity; sid:300000239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringe.xyz"; classtype:web-application-activity; sid:300000240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummera.xyz"; classtype:web-application-activity; sid:300000241; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerb.xyz"; classtype:web-application-activity; sid:300000242; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerc.xyz"; classtype:web-application-activity; sid:300000243; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummere.xyz"; classtype:web-application-activity; sid:300000244; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerf.xyz"; classtype:web-application-activity; sid:300000245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintera.xyz"; classtype:web-application-activity; sid:300000246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterb.xyz"; classtype:web-application-activity; sid:300000247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterc.xyz"; classtype:web-application-activity; sid:300000248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterd.xyz"; classtype:web-application-activity; sid:300000249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintere.xyz"; classtype:web-application-activity; sid:300000250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterf.xyz"; classtype:web-application-activity; sid:300000251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"premium-news-for.me"; classtype:web-application-activity; sid:300000252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"press-news-for.me"; classtype:web-application-activity; sid:300000253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"producthunter.club"; classtype:web-application-activity; sid:300000255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitablesurvey.site"; classtype:web-application-activity; sid:300000256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lackystack.net"; classtype:web-application-activity; sid:300000165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"link4updatingcentral.work"; classtype:web-application-activity; sid:300000166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"listenthisso.top"; classtype:web-application-activity; sid:300000167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lltrsknoob.click"; classtype:web-application-activity; sid:300000168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"louisvillegigs.net"; classtype:web-application-activity; sid:300000169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckyworldwideprizerandom.rest"; classtype:web-application-activity; sid:300000172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"makingbettermoney.co"; classtype:web-application-activity; sid:300000173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mazestation.games"; classtype:web-application-activity; sid:300000174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"media-cloud.ru"; classtype:web-application-activity; sid:300000175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaadvanced.ru"; classtype:web-application-activity; sid:300000176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mistvideo.ru"; classtype:web-application-activity; sid:300000178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1crater.xyz"; classtype:web-application-activity; sid:300000179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1mountain.xyz"; classtype:web-application-activity; sid:300000180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1planet.xyz"; classtype:web-application-activity; sid:300000181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sea.xyz"; classtype:web-application-activity; sid:300000182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sky.xyz"; classtype:web-application-activity; sid:300000183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7volcano.xyz"; classtype:web-application-activity; sid:300000184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiacrater.xyz"; classtype:web-application-activity; sid:300000185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaocean.xyz"; classtype:web-application-activity; sid:300000186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaplanet.xyz"; classtype:web-application-activity; sid:300000187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiastar.xyz"; classtype:web-application-activity; sid:300000188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiavolcano.xyz"; classtype:web-application-activity; sid:300000189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobyfox.shop"; classtype:web-application-activity; sid:300000190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mybesthealthplan.org"; classtype:web-application-activity; sid:300000191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsinformer.net"; classtype:web-application-activity; sid:300000193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paint-lion-history-loud.xyz"; classtype:web-application-activity; sid:300000196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumna.xyz"; classtype:web-application-activity; sid:300000197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnb.xyz"; classtype:web-application-activity; sid:300000198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnc.xyz"; classtype:web-application-activity; sid:300000199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnd.xyz"; classtype:web-application-activity; sid:300000200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnf.xyz"; classtype:web-application-activity; sid:300000201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringa.xyz"; classtype:web-application-activity; sid:300000202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringb.xyz"; classtype:web-application-activity; sid:300000203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringc.xyz"; classtype:web-application-activity; sid:300000204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringd.xyz"; classtype:web-application-activity; sid:300000205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringf.xyz"; classtype:web-application-activity; sid:300000207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummera.xyz"; classtype:web-application-activity; sid:300000208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerc.xyz"; classtype:web-application-activity; sid:300000209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerd.xyz"; classtype:web-application-activity; sid:300000210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummere.xyz"; classtype:web-application-activity; sid:300000211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerf.xyz"; classtype:web-application-activity; sid:300000212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintera.xyz"; classtype:web-application-activity; sid:300000213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterb.xyz"; classtype:web-application-activity; sid:300000214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterf.xyz"; classtype:web-application-activity; sid:300000218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"people-around.me"; classtype:web-application-activity; sid:300000219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyspeedythefile.vip"; classtype:web-application-activity; sid:300000220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyswiftthefile.vip"; classtype:web-application-activity; sid:300000221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrefinedoverlythefile.vip"; classtype:web-application-activity; sid:300000222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peterhahn.be"; classtype:web-application-activity; sid:300000223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phonesecuritymagic.top"; classtype:web-application-activity; sid:300000224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringb.xyz"; classtype:web-application-activity; sid:300000236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringc.xyz"; classtype:web-application-activity; sid:300000237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringd.xyz"; classtype:web-application-activity; sid:300000238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringe.xyz"; classtype:web-application-activity; sid:300000239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummera.xyz"; classtype:web-application-activity; sid:300000240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerb.xyz"; classtype:web-application-activity; sid:300000241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerc.xyz"; classtype:web-application-activity; sid:300000242; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummere.xyz"; classtype:web-application-activity; sid:300000243; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerf.xyz"; classtype:web-application-activity; sid:300000244; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintera.xyz"; classtype:web-application-activity; sid:300000245; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterb.xyz"; classtype:web-application-activity; sid:300000246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterc.xyz"; classtype:web-application-activity; sid:300000247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterd.xyz"; classtype:web-application-activity; sid:300000248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintere.xyz"; classtype:web-application-activity; sid:300000249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterf.xyz"; classtype:web-application-activity; sid:300000250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"premium-news-for.me"; classtype:web-application-activity; sid:300000251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"press-news-for.me"; classtype:web-application-activity; sid:300000252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"producthunter.club"; classtype:web-application-activity; sid:300000254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitablesurvey.site"; classtype:web-application-activity; sid:300000255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitedsurvey.site"; classtype:web-application-activity; sid:300000256; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitsurvey.live"; classtype:web-application-activity; sid:300000257; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promotionclaim.rest"; classtype:web-application-activity; sid:300000258; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-ios.com"; classtype:web-application-activity; sid:300000259; rev:1;)
@@ -288,19 +288,19 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000281; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000282; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000283; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartuv.shop"; classtype:web-application-activity; sid:300000284; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"software-dealz.de"; classtype:web-application-activity; sid:300000285; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-ocean.xyz"; classtype:web-application-activity; sid:300000286; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-plains.xyz"; classtype:web-application-activity; sid:300000287; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1asteroid.xyz"; classtype:web-application-activity; sid:300000288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1coast.xyz"; classtype:web-application-activity; sid:300000289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1ocean.xyz"; classtype:web-application-activity; sid:300000290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic7sea.xyz"; classtype:web-application-activity; sid:300000291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonicaasteroid.xyz"; classtype:web-application-activity; sid:300000292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonicacrater.xyz"; classtype:web-application-activity; sid:300000293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"software-dealz.de"; classtype:web-application-activity; sid:300000284; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-ocean.xyz"; classtype:web-application-activity; sid:300000285; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-plains.xyz"; classtype:web-application-activity; sid:300000286; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1asteroid.xyz"; classtype:web-application-activity; sid:300000287; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1coast.xyz"; classtype:web-application-activity; sid:300000288; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1ocean.xyz"; classtype:web-application-activity; sid:300000289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic7sea.xyz"; classtype:web-application-activity; sid:300000290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonicaasteroid.xyz"; classtype:web-application-activity; sid:300000291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonicacrater.xyz"; classtype:web-application-activity; sid:300000292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000296; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeuberspeedythefile.vip"; classtype:web-application-activity; sid:300000297; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000298; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000299; rev:1;)
@@ -317,31 +317,31 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syssysupdate.top"; classtype:web-application-activity; sid:300000310; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000311; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"taboo.news"; classtype:web-application-activity; sid:300000312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thanksyoursupport.club"; classtype:web-application-activity; sid:300000313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-crater.xyz"; classtype:web-application-activity; sid:300000314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-sky.xyz"; classtype:web-application-activity; sid:300000315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-star.xyz"; classtype:web-application-activity; sid:300000316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1planet.xyz"; classtype:web-application-activity; sid:300000317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1star.xyz"; classtype:web-application-activity; sid:300000318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1volcano.xyz"; classtype:web-application-activity; sid:300000319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7coast.xyz"; classtype:web-application-activity; sid:300000320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7crater.xyz"; classtype:web-application-activity; sid:300000321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7plains.xyz"; classtype:web-application-activity; sid:300000322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7volcano.xyz"; classtype:web-application-activity; sid:300000323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaasteroid.xyz"; classtype:web-application-activity; sid:300000324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theacrater.xyz"; classtype:web-application-activity; sid:300000325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theastar.xyz"; classtype:web-application-activity; sid:300000326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theavolcano.xyz"; classtype:web-application-activity; sid:300000327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thedealexpert.net"; classtype:web-application-activity; sid:300000328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theirproviderock.top"; classtype:web-application-activity; sid:300000329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timefornews.online"; classtype:web-application-activity; sid:300000331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top-offers2.club"; classtype:web-application-activity; sid:300000332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topdating.online"; classtype:web-application-activity; sid:300000333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tracking-landers.xyz"; classtype:web-application-activity; sid:300000334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trotineo.fr"; classtype:web-application-activity; sid:300000335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"truecompassion.net"; classtype:web-application-activity; sid:300000336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatefix.xyz"; classtype:web-application-activity; sid:300000337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"techandgadgets.net"; classtype:web-application-activity; sid:300000313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thanksyoursupport.club"; classtype:web-application-activity; sid:300000314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-crater.xyz"; classtype:web-application-activity; sid:300000315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-sky.xyz"; classtype:web-application-activity; sid:300000316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-star.xyz"; classtype:web-application-activity; sid:300000317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1planet.xyz"; classtype:web-application-activity; sid:300000318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1star.xyz"; classtype:web-application-activity; sid:300000319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1volcano.xyz"; classtype:web-application-activity; sid:300000320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7coast.xyz"; classtype:web-application-activity; sid:300000321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7crater.xyz"; classtype:web-application-activity; sid:300000322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7plains.xyz"; classtype:web-application-activity; sid:300000323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7volcano.xyz"; classtype:web-application-activity; sid:300000324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaasteroid.xyz"; classtype:web-application-activity; sid:300000325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theacrater.xyz"; classtype:web-application-activity; sid:300000326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theastar.xyz"; classtype:web-application-activity; sid:300000327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theavolcano.xyz"; classtype:web-application-activity; sid:300000328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thedealexpert.net"; classtype:web-application-activity; sid:300000329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theirproviderock.top"; classtype:web-application-activity; sid:300000330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timefornews.online"; classtype:web-application-activity; sid:300000332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top-offers2.club"; classtype:web-application-activity; sid:300000333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topdating.online"; classtype:web-application-activity; sid:300000334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tracking-landers.xyz"; classtype:web-application-activity; sid:300000335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trotineo.fr"; classtype:web-application-activity; sid:300000336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"truecompassion.net"; classtype:web-application-activity; sid:300000337; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updateview.tech"; classtype:web-application-activity; sid:300000338; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplaysite.xyz"; classtype:web-application-activity; sid:300000339; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usforeclosure.net"; classtype:web-application-activity; sid:300000340; rev:1;)
@@ -359,26 +359,25 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videomixact.ru"; classtype:web-application-activity; sid:300000352; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videovoiceable.ru"; classtype:web-application-activity; sid:300000353; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videovoiceace.ru"; classtype:web-application-activity; sid:300000354; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viralsharks.net"; classtype:web-application-activity; sid:300000355; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn-pro.club"; classtype:web-application-activity; sid:300000356; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallda.site"; classtype:web-application-activity; sid:300000357; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-security.ml"; classtype:web-application-activity; sid:300000358; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000359; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1asteroid.xyz"; classtype:web-application-activity; sid:300000360; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1ocean.xyz"; classtype:web-application-activity; sid:300000361; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1plains.xyz"; classtype:web-application-activity; sid:300000362; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1sky.xyz"; classtype:web-application-activity; sid:300000363; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1star.xyz"; classtype:web-application-activity; sid:300000364; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaasteroid.xyz"; classtype:web-application-activity; sid:300000365; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westamountain.xyz"; classtype:web-application-activity; sid:300000366; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaocean.xyz"; classtype:web-application-activity; sid:300000367; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaplanet.xyz"; classtype:web-application-activity; sid:300000368; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westasea.xyz"; classtype:web-application-activity; sid:300000369; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westastar.xyz"; classtype:web-application-activity; sid:300000370; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldtechguide.net"; classtype:web-application-activity; sid:300000371; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000372; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"your-magazine.me"; classtype:web-application-activity; sid:300000373; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000374; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000375; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zalando-prive.es"; classtype:web-application-activity; sid:300000376; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zeusmedia.info"; classtype:web-application-activity; sid:300000377; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn-pro.club"; classtype:web-application-activity; sid:300000355; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallda.site"; classtype:web-application-activity; sid:300000356; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-security.ml"; classtype:web-application-activity; sid:300000357; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000358; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1asteroid.xyz"; classtype:web-application-activity; sid:300000359; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1ocean.xyz"; classtype:web-application-activity; sid:300000360; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1plains.xyz"; classtype:web-application-activity; sid:300000361; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1sky.xyz"; classtype:web-application-activity; sid:300000362; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1star.xyz"; classtype:web-application-activity; sid:300000363; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaasteroid.xyz"; classtype:web-application-activity; sid:300000364; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westamountain.xyz"; classtype:web-application-activity; sid:300000365; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaocean.xyz"; classtype:web-application-activity; sid:300000366; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaplanet.xyz"; classtype:web-application-activity; sid:300000367; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westasea.xyz"; classtype:web-application-activity; sid:300000368; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westastar.xyz"; classtype:web-application-activity; sid:300000369; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldtechguide.net"; classtype:web-application-activity; sid:300000370; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000371; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"your-magazine.me"; classtype:web-application-activity; sid:300000372; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000373; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000374; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zalando-prive.es"; classtype:web-application-activity; sid:300000375; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zeusmedia.info"; classtype:web-application-activity; sid:300000376; rev:1;)

dist/pup-filter-unbound.conf

@@ -1,6 +1,6 @@
 # Title: PUP Domains Unbound Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 local-zone: "2021travel.net" always_nxdomain
 local-zone: "abcscience.xyz" always_nxdomain
 local-zone: "aikoo.club" always_nxdomain
+local-zone: "amobil.online" always_nxdomain
 local-zone: "android-browser.live" always_nxdomain
 local-zone: "android-web.live" always_nxdomain
 local-zone: "aphicus.xyz" always_nxdomain
@@ -21,6 +22,7 @@ local-zone: "be-5hdo32xes-ok.live" always_nxdomain
 local-zone: "be-n9lnns3n-ok.live" always_nxdomain
 local-zone: "be-us-cars-for-seniors-ok.live" always_nxdomain
 local-zone: "be-us-exercise-bikes-ok.live" always_nxdomain
+local-zone: "beautinow.nl" always_nxdomain
 local-zone: "beinspired.global" always_nxdomain
 local-zone: "benefiio.org" always_nxdomain
 local-zone: "bkk755.biz" always_nxdomain
@@ -50,13 +52,12 @@ local-zone: "chipovysta.pro" always_nxdomain
 local-zone: "claimrewards.rest" always_nxdomain
 local-zone: "clickon.buzz" always_nxdomain
 local-zone: "coatofarms.nyc" always_nxdomain
+local-zone: "conndickens.icu" always_nxdomain
 local-zone: "connecttheupgradingurls.work" always_nxdomain
 local-zone: "consumerprotectioncybersecurity.org" always_nxdomain
 local-zone: "contentamigo.ru" always_nxdomain
 local-zone: "contentarea.ru" always_nxdomain
-local-zone: "cooltech.blog" always_nxdomain
 local-zone: "country-news.live" always_nxdomain
-local-zone: "craftstash.us" always_nxdomain
 local-zone: "crazyprize.buzz" always_nxdomain
 local-zone: "credit-monitoring-360.xyz" always_nxdomain
 local-zone: "crowdweightyellow.top" always_nxdomain
@@ -89,6 +90,7 @@ local-zone: "enjoyasky.xyz" always_nxdomain
 local-zone: "enjoyastar.xyz" always_nxdomain
 local-zone: "enjoyavolcano.xyz" always_nxdomain
 local-zone: "euronordvpn.com" always_nxdomain
+local-zone: "expatriates.pk" always_nxdomain
 local-zone: "exploreshops.net" always_nxdomain
 local-zone: "fastfactsonline.co" always_nxdomain
 local-zone: "fastspinc.xyz" always_nxdomain
@@ -111,7 +113,6 @@ local-zone: "gladmstreet.xyz" always_nxdomain
 local-zone: "global-track.space" always_nxdomain
 local-zone: "golddellifewonder.rest" always_nxdomain
 local-zone: "gonesteeldouble.top" always_nxdomain
-local-zone: "grandencryptions.me" always_nxdomain
 local-zone: "grantaidauthority.site" always_nxdomain
 local-zone: "healthfactor.io" always_nxdomain
 local-zone: "healthnfitness.site" always_nxdomain
@@ -138,7 +139,6 @@ local-zone: "installprecisehighlythefile.vip" always_nxdomain
 local-zone: "installprogressiveintenselythefile.vip" always_nxdomain
 local-zone: "installstronghighlythefile.vip" always_nxdomain
 local-zone: "intelectaction.ru" always_nxdomain
-local-zone: "investinfo.net" always_nxdomain
 local-zone: "ipaint.us" always_nxdomain
 local-zone: "ironprovpn.me" always_nxdomain
 local-zone: "jojomamanbebe.ie" always_nxdomain
@@ -169,7 +169,6 @@ local-zone: "koalawinterb.xyz" always_nxdomain
 local-zone: "koalawinterc.xyz" always_nxdomain
 local-zone: "koalawinterd.xyz" always_nxdomain
 local-zone: "koalawintere.xyz" always_nxdomain
-local-zone: "kompsos.uk" always_nxdomain
 local-zone: "lackystack.net" always_nxdomain
 local-zone: "link4updatingcentral.work" always_nxdomain
 local-zone: "listenthisso.top" always_nxdomain
@@ -178,7 +177,7 @@ local-zone: "louisvillegigs.net" always_nxdomain
 local-zone: "loveorfun.cc" always_nxdomain
 local-zone: "lubbockeda.org" always_nxdomain
 local-zone: "luckyworldwideprizerandom.rest" always_nxdomain
-local-zone: "marketloans.net" always_nxdomain
+local-zone: "makingbettermoney.co" always_nxdomain
 local-zone: "mazestation.games" always_nxdomain
 local-zone: "media-cloud.ru" always_nxdomain
 local-zone: "mediaadvanced.ru" always_nxdomain
@@ -261,6 +260,7 @@ local-zone: "press-news-for.me" always_nxdomain
 local-zone: "prize-messsages.casa" always_nxdomain
 local-zone: "producthunter.club" always_nxdomain
 local-zone: "profitablesurvey.site" always_nxdomain
+local-zone: "profitedsurvey.site" always_nxdomain
 local-zone: "profitsurvey.live" always_nxdomain
 local-zone: "promotionclaim.rest" always_nxdomain
 local-zone: "protect-ios.com" always_nxdomain
@@ -288,7 +288,6 @@ local-zone: "sergey-tracks.xyz" always_nxdomain
 local-zone: "shopin.nyc" always_nxdomain
 local-zone: "shopnsave.world" always_nxdomain
 local-zone: "smartideas.pro" always_nxdomain
-local-zone: "smartuv.shop" always_nxdomain
 local-zone: "software-dealz.de" always_nxdomain
 local-zone: "sonic-ocean.xyz" always_nxdomain
 local-zone: "sonic-plains.xyz" always_nxdomain
@@ -301,6 +300,7 @@ local-zone: "sonicacrater.xyz" always_nxdomain
 local-zone: "spotmapd.xyz" always_nxdomain
 local-zone: "spotmapf.xyz" always_nxdomain
 local-zone: "spotplanetc.xyz" always_nxdomain
+local-zone: "stickr.co" always_nxdomain
 local-zone: "storeuberspeedythefile.vip" always_nxdomain
 local-zone: "streamdevelopedintenselythefile.vip" always_nxdomain
 local-zone: "streamintenselyrefinedthefile.vip" always_nxdomain
@@ -317,6 +317,7 @@ local-zone: "syncrecentintenselythefile.vip" always_nxdomain
 local-zone: "syssysupdate.top" always_nxdomain
 local-zone: "systemupdateme.solutions" always_nxdomain
 local-zone: "taboo.news" always_nxdomain
+local-zone: "techandgadgets.net" always_nxdomain
 local-zone: "thanksyoursupport.club" always_nxdomain
 local-zone: "the-crater.xyz" always_nxdomain
 local-zone: "the-sky.xyz" always_nxdomain
@@ -341,7 +342,6 @@ local-zone: "topdating.online" always_nxdomain
 local-zone: "tracking-landers.xyz" always_nxdomain
 local-zone: "trotineo.fr" always_nxdomain
 local-zone: "truecompassion.net" always_nxdomain
-local-zone: "updatefix.xyz" always_nxdomain
 local-zone: "updateview.tech" always_nxdomain
 local-zone: "upplaysite.xyz" always_nxdomain
 local-zone: "usforeclosure.net" always_nxdomain
@@ -359,7 +359,6 @@ local-zone: "videomixace.ru" always_nxdomain
 local-zone: "videomixact.ru" always_nxdomain
 local-zone: "videovoiceable.ru" always_nxdomain
 local-zone: "videovoiceace.ru" always_nxdomain
-local-zone: "viralsharks.net" always_nxdomain
 local-zone: "vpn-pro.club" always_nxdomain
 local-zone: "wallda.site" always_nxdomain
 local-zone: "web-security.ml" always_nxdomain

dist/pup-filter-vivaldi.txt

@@ -1,6 +1,6 @@
 ! Title: PUP Domains Blocklist (Vivaldi)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 04 Dec 2021 12:03:10 +0000
+! Updated: Sun, 05 Dec 2021 00:02:51 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 ||2021travel.net$document
 ||abcscience.xyz$document
 ||aikoo.club$document
+||amobil.online$document
 ||android-browser.live$document
 ||android-web.live$document
 ||aphicus.xyz$document
@@ -21,6 +22,7 @@
 ||be-n9lnns3n-ok.live$document
 ||be-us-cars-for-seniors-ok.live$document
 ||be-us-exercise-bikes-ok.live$document
+||beautinow.nl$document
 ||beinspired.global$document
 ||benefiio.org$document
 ||bkk755.biz$document
@@ -50,13 +52,12 @@
 ||claimrewards.rest$document
 ||clickon.buzz$document
 ||coatofarms.nyc$document
+||conndickens.icu$document
 ||connecttheupgradingurls.work$document
 ||consumerprotectioncybersecurity.org$document
 ||contentamigo.ru$document
 ||contentarea.ru$document
-||cooltech.blog$document
 ||country-news.live$document
-||craftstash.us$document
 ||crazyprize.buzz$document
 ||credit-monitoring-360.xyz$document
 ||crowdweightyellow.top$document
@@ -89,6 +90,7 @@
 ||enjoyastar.xyz$document
 ||enjoyavolcano.xyz$document
 ||euronordvpn.com$document
+||expatriates.pk$document
 ||exploreshops.net$document
 ||fastfactsonline.co$document
 ||fastspinc.xyz$document
@@ -111,7 +113,6 @@
 ||global-track.space$document
 ||golddellifewonder.rest$document
 ||gonesteeldouble.top$document
-||grandencryptions.me$document
 ||grantaidauthority.site$document
 ||healthfactor.io$document
 ||healthnfitness.site$document
@@ -138,7 +139,6 @@
 ||installprogressiveintenselythefile.vip$document
 ||installstronghighlythefile.vip$document
 ||intelectaction.ru$document
-||investinfo.net$document
 ||ipaint.us$document
 ||ironprovpn.me$document
 ||jojomamanbebe.ie$document
@@ -169,7 +169,6 @@
 ||koalawinterc.xyz$document
 ||koalawinterd.xyz$document
 ||koalawintere.xyz$document
-||kompsos.uk$document
 ||lackystack.net$document
 ||link4updatingcentral.work$document
 ||listenthisso.top$document
@@ -178,7 +177,7 @@
 ||loveorfun.cc$document
 ||lubbockeda.org$document
 ||luckyworldwideprizerandom.rest$document
-||marketloans.net$document
+||makingbettermoney.co$document
 ||mazestation.games$document
 ||media-cloud.ru$document
 ||mediaadvanced.ru$document
@@ -261,6 +260,7 @@
 ||prize-messsages.casa$document
 ||producthunter.club$document
 ||profitablesurvey.site$document
+||profitedsurvey.site$document
 ||profitsurvey.live$document
 ||promotionclaim.rest$document
 ||protect-ios.com$document
@@ -288,7 +288,6 @@
 ||shopin.nyc$document
 ||shopnsave.world$document
 ||smartideas.pro$document
-||smartuv.shop$document
 ||software-dealz.de$document
 ||sonic-ocean.xyz$document
 ||sonic-plains.xyz$document
@@ -301,6 +300,7 @@
 ||spotmapd.xyz$document
 ||spotmapf.xyz$document
 ||spotplanetc.xyz$document
+||stickr.co$document
 ||storeuberspeedythefile.vip$document
 ||streamdevelopedintenselythefile.vip$document
 ||streamintenselyrefinedthefile.vip$document
@@ -317,6 +317,7 @@
 ||syssysupdate.top$document
 ||systemupdateme.solutions$document
 ||taboo.news$document
+||techandgadgets.net$document
 ||thanksyoursupport.club$document
 ||the-crater.xyz$document
 ||the-sky.xyz$document
@@ -341,7 +342,6 @@
 ||tracking-landers.xyz$document
 ||trotineo.fr$document
 ||truecompassion.net$document
-||updatefix.xyz$document
 ||updateview.tech$document
 ||upplaysite.xyz$document
 ||usforeclosure.net$document
@@ -359,7 +359,6 @@
 ||videomixact.ru$document
 ||videovoiceable.ru$document
 ||videovoiceace.ru$document
-||viralsharks.net$document
 ||vpn-pro.club$document
 ||wallda.site$document
 ||web-security.ml$document

dist/pup-filter.tpl

@@ -1,7 +1,7 @@
 msFilterList
 # Title: PUP Hosts Blocklist (IE)
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 04 Dec 2021 12:03:10 +0000
+# Updated: Sun, 05 Dec 2021 00:02:51 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -11,6 +11,7 @@ msFilterList
 -d 2021travel.net
 -d abcscience.xyz
 -d aikoo.club
+-d amobil.online
 -d android-browser.live
 -d android-web.live
 -d aphicus.xyz
@@ -24,6 +25,7 @@ msFilterList
 -d be-n9lnns3n-ok.live
 -d be-us-cars-for-seniors-ok.live
 -d be-us-exercise-bikes-ok.live
+-d beautinow.nl
 -d beinspired.global
 -d benefiio.org
 -d bkk755.biz
@@ -53,13 +55,12 @@ msFilterList
 -d claimrewards.rest
 -d clickon.buzz
 -d coatofarms.nyc
+-d conndickens.icu
 -d connecttheupgradingurls.work
 -d consumerprotectioncybersecurity.org
 -d contentamigo.ru
 -d contentarea.ru
--d cooltech.blog
 -d country-news.live
--d craftstash.us
 -d crazyprize.buzz
 -d credit-monitoring-360.xyz
 -d crowdweightyellow.top
@@ -92,6 +93,7 @@ msFilterList
 -d enjoyastar.xyz
 -d enjoyavolcano.xyz
 -d euronordvpn.com
+-d expatriates.pk
 -d exploreshops.net
 -d fastfactsonline.co
 -d fastspinc.xyz
@@ -114,7 +116,6 @@ msFilterList
 -d global-track.space
 -d golddellifewonder.rest
 -d gonesteeldouble.top
--d grandencryptions.me
 -d grantaidauthority.site
 -d healthfactor.io
 -d healthnfitness.site
@@ -141,7 +142,6 @@ msFilterList
 -d installprogressiveintenselythefile.vip
 -d installstronghighlythefile.vip
 -d intelectaction.ru
--d investinfo.net
 -d ipaint.us
 -d ironprovpn.me
 -d jojomamanbebe.ie
@@ -172,7 +172,6 @@ msFilterList
 -d koalawinterc.xyz
 -d koalawinterd.xyz
 -d koalawintere.xyz
--d kompsos.uk
 -d lackystack.net
 -d link4updatingcentral.work
 -d listenthisso.top
@@ -181,7 +180,7 @@ msFilterList
 -d loveorfun.cc
 -d lubbockeda.org
 -d luckyworldwideprizerandom.rest
--d marketloans.net
+-d makingbettermoney.co
 -d mazestation.games
 -d media-cloud.ru
 -d mediaadvanced.ru
@@ -264,6 +263,7 @@ msFilterList
 -d prize-messsages.casa
 -d producthunter.club
 -d profitablesurvey.site
+-d profitedsurvey.site
 -d profitsurvey.live
 -d promotionclaim.rest
 -d protect-ios.com
@@ -291,7 +291,6 @@ msFilterList
 -d shopin.nyc
 -d shopnsave.world
 -d smartideas.pro
--d smartuv.shop
 -d software-dealz.de
 -d sonic-ocean.xyz
 -d sonic-plains.xyz
@@ -304,6 +303,7 @@ msFilterList
 -d spotmapd.xyz
 -d spotmapf.xyz
 -d spotplanetc.xyz
+-d stickr.co
 -d storeuberspeedythefile.vip
 -d streamdevelopedintenselythefile.vip
 -d streamintenselyrefinedthefile.vip
@@ -320,6 +320,7 @@ msFilterList
 -d syssysupdate.top
 -d systemupdateme.solutions
 -d taboo.news
+-d techandgadgets.net
 -d thanksyoursupport.club
 -d the-crater.xyz
 -d the-sky.xyz
@@ -344,7 +345,6 @@ msFilterList
 -d tracking-landers.xyz
 -d trotineo.fr
 -d truecompassion.net
--d updatefix.xyz
 -d updateview.tech
 -d upplaysite.xyz
 -d usforeclosure.net
@@ -362,7 +362,6 @@ msFilterList
 -d videomixact.ru
 -d videovoiceable.ru
 -d videovoiceace.ru
--d viralsharks.net
 -d vpn-pro.club
 -d wallda.site
 -d web-security.ml

dist/pup-filter.txt

@@ -1,6 +1,6 @@
 ! Title: PUP Domains Blocklist
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 04 Dec 2021 12:03:10 +0000
+! Updated: Sun, 05 Dec 2021 00:02:51 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
@@ -8,6 +8,7 @@
 2021travel.net
 abcscience.xyz
 aikoo.club
+amobil.online
 android-browser.live
 android-web.live
 aphicus.xyz
@@ -21,6 +22,7 @@ be-5hdo32xes-ok.live
 be-n9lnns3n-ok.live
 be-us-cars-for-seniors-ok.live
 be-us-exercise-bikes-ok.live
+beautinow.nl
 beinspired.global
 benefiio.org
 bkk755.biz
@@ -50,13 +52,12 @@ chipovysta.pro
 claimrewards.rest
 clickon.buzz
 coatofarms.nyc
+conndickens.icu
 connecttheupgradingurls.work
 consumerprotectioncybersecurity.org
 contentamigo.ru
 contentarea.ru
-cooltech.blog
 country-news.live
-craftstash.us
 crazyprize.buzz
 credit-monitoring-360.xyz
 crowdweightyellow.top
@@ -89,6 +90,7 @@ enjoyasky.xyz
 enjoyastar.xyz
 enjoyavolcano.xyz
 euronordvpn.com
+expatriates.pk
 exploreshops.net
 fastfactsonline.co
 fastspinc.xyz
@@ -111,7 +113,6 @@ gladmstreet.xyz
 global-track.space
 golddellifewonder.rest
 gonesteeldouble.top
-grandencryptions.me
 grantaidauthority.site
 healthfactor.io
 healthnfitness.site
@@ -138,7 +139,6 @@ installprecisehighlythefile.vip
 installprogressiveintenselythefile.vip
 installstronghighlythefile.vip
 intelectaction.ru
-investinfo.net
 ipaint.us
 ironprovpn.me
 jojomamanbebe.ie
@@ -169,7 +169,6 @@ koalawinterb.xyz
 koalawinterc.xyz
 koalawinterd.xyz
 koalawintere.xyz
-kompsos.uk
 lackystack.net
 link4updatingcentral.work
 listenthisso.top
@@ -178,7 +177,7 @@ louisvillegigs.net
 loveorfun.cc
 lubbockeda.org
 luckyworldwideprizerandom.rest
-marketloans.net
+makingbettermoney.co
 mazestation.games
 media-cloud.ru
 mediaadvanced.ru
@@ -261,6 +260,7 @@ press-news-for.me
 prize-messsages.casa
 producthunter.club
 profitablesurvey.site
+profitedsurvey.site
 profitsurvey.live
 promotionclaim.rest
 protect-ios.com
@@ -288,7 +288,6 @@ sergey-tracks.xyz
 shopin.nyc
 shopnsave.world
 smartideas.pro
-smartuv.shop
 software-dealz.de
 sonic-ocean.xyz
 sonic-plains.xyz
@@ -301,6 +300,7 @@ sonicacrater.xyz
 spotmapd.xyz
 spotmapf.xyz
 spotplanetc.xyz
+stickr.co
 storeuberspeedythefile.vip
 streamdevelopedintenselythefile.vip
 streamintenselyrefinedthefile.vip
@@ -317,6 +317,7 @@ syncrecentintenselythefile.vip
 syssysupdate.top
 systemupdateme.solutions
 taboo.news
+techandgadgets.net
 thanksyoursupport.club
 the-crater.xyz
 the-sky.xyz
@@ -341,7 +342,6 @@ topdating.online
 tracking-landers.xyz
 trotineo.fr
 truecompassion.net
-updatefix.xyz
 updateview.tech
 upplaysite.xyz
 usforeclosure.net
@@ -359,7 +359,6 @@ videomixace.ru
 videomixact.ru
 videovoiceable.ru
 videovoiceace.ru
-viralsharks.net
 vpn-pro.club
 wallda.site
 web-security.ml