curben
/
pup-filter
mirror of https://gitlab.com/malware-filter/pup-filter.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter updated: Fri, 21 May 2021 00:06:55 UTC

This commit is contained in:
curben-bot 2021-05-21 00:06:55 +00:00
parent 53ce342ffb
commit 1a59aa30b9
14 changed files with 866 additions and 824 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
dist/pup-filter-ag.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 20 May 2021 12:07:10 UTC
! Updated: Fri, 21 May 2021 00:06:55 UTC
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@
||congratsluckygiveawaysmart.cyou$all
||connectionapplication.com$all
||contentgate.cam$all
||contentgate.club$all
||contentgate.fun$all
||contentgate.uno$all
||cooing.top$all
@ -98,7 +99,6 @@
||dailyrep.net$all
||degreenm.top$all
||delightcmain.xyz$all
||desixxx.cloud$all
||digitalinvest.news$all
||displayfriend.xyz$all
||ditvl.com$all
@ -263,10 +263,9 @@
||loadgreatly-bestquickfile.best$all
||loadgreatly-bestrenewedfile.best$all
||loadheavily-bestfreefile.best$all
||loadrecentoverlyfile.digital$all
||loadpreciseuberfile.digital$all
||loadrefineduberfile.digital$all
||loadsophisticateduberfile.digital$all
||loaduberprecisefile.digital$all
||loaduberspeedyfile.digital$all
||locationtracker.services$all
||loosefit.info$all
@ -321,6 +320,7 @@
||officialprizenationalrandom.cyou$all
||onegowc.pw$all
||online-survey.org$all
||onlinecinema.eu$all
||onlineprizesuperpromotion.cyou$all
||operatecompletely-theprecisefile.best$all
||operatecompletely-thespeedyfile.best$all
@ -454,6 +454,7 @@
||search-tool.net$all
||search-trends.co$all
||searchfeed.co$all
||seasoned.co$all
||sec-alert.xyz$all
||sec-alerts.xyz$all
||sec-monitoring.xyz$all
@ -465,6 +466,7 @@
||selfradiance.info$all
||service-care.space$all
||shkshk.site$all
||shopnsave.world$all
||shoppingexp.xyz$all
||spotplanetc.xyz$all
||spotplanetd.xyz$all
@ -553,6 +555,7 @@
||thehealthystyle.info$all
||thehealthyvibe.info$all
||thehotshot.info$all
||thelastpicture.show$all
||thenewjourney.info$all
||thepackage.club$all
||thesafestplayerlinks.work$all
@ -604,7 +607,6 @@
||wellnessplum.info$all
||wherentlybrane.site$all
||worldwideofficialrewardssuper.cyou$all
||wowlifestyle.info$all
||youngleaf.biz$all
||yourbestlinkupgrade.info$all
||yourbestlinkupgrades.info$all
@ -618,6 +620,7 @@
||yourlegendaryplaceupgrading.work$all
||yourlegendaryplayerupdate.work$all
||yourlegendaryplayerupdating.work$all
||yourlegendarysystemsupgrade.work$all
||yourlegendaryvideoupgrades.info$all
||yourlegendaryvideoupgrading.info$all
||yourlinkplaceupdatingfree.work$all

13
dist/pup-filter-agh.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard Home)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 20 May 2021 12:07:10 UTC
! Updated: Fri, 21 May 2021 00:06:55 UTC
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@
||congratsluckygiveawaysmart.cyou^
||connectionapplication.com^
||contentgate.cam^
||contentgate.club^
||contentgate.fun^
||contentgate.uno^
||cooing.top^
@ -98,7 +99,6 @@
||dailyrep.net^
||degreenm.top^
||delightcmain.xyz^
||desixxx.cloud^
||digitalinvest.news^
||displayfriend.xyz^
||ditvl.com^
@ -263,10 +263,9 @@
||loadgreatly-bestquickfile.best^
||loadgreatly-bestrenewedfile.best^
||loadheavily-bestfreefile.best^
||loadrecentoverlyfile.digital^
||loadpreciseuberfile.digital^
||loadrefineduberfile.digital^
||loadsophisticateduberfile.digital^
||loaduberprecisefile.digital^
||loaduberspeedyfile.digital^
||locationtracker.services^
||loosefit.info^
@ -321,6 +320,7 @@
||officialprizenationalrandom.cyou^
||onegowc.pw^
||online-survey.org^
||onlinecinema.eu^
||onlineprizesuperpromotion.cyou^
||operatecompletely-theprecisefile.best^
||operatecompletely-thespeedyfile.best^
@ -454,6 +454,7 @@
||search-tool.net^
||search-trends.co^
||searchfeed.co^
||seasoned.co^
||sec-alert.xyz^
||sec-alerts.xyz^
||sec-monitoring.xyz^
@ -465,6 +466,7 @@
||selfradiance.info^
||service-care.space^
||shkshk.site^
||shopnsave.world^
||shoppingexp.xyz^
||spotplanetc.xyz^
||spotplanetd.xyz^
@ -553,6 +555,7 @@
||thehealthystyle.info^
||thehealthyvibe.info^
||thehotshot.info^
||thelastpicture.show^
||thenewjourney.info^
||thepackage.club^
||thesafestplayerlinks.work^
@ -604,7 +607,6 @@
||wellnessplum.info^
||wherentlybrane.site^
||worldwideofficialrewardssuper.cyou^
||wowlifestyle.info^
||youngleaf.biz^
||yourbestlinkupgrade.info^
||yourbestlinkupgrades.info^
@ -618,6 +620,7 @@
||yourlegendaryplaceupgrading.work^
||yourlegendaryplayerupdate.work^
||yourlegendaryplayerupdating.work^
||yourlegendarysystemsupgrade.work^
||yourlegendaryvideoupgrades.info^
||yourlegendaryvideoupgrading.info^
||yourlinkplaceupdatingfree.work^

13
dist/pup-filter-bind.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains BIND Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@ zone "congrats-lucky-giveaway-smart.cyou" { type master; notify no; file "null.z
zone "congratsluckygiveawaysmart.cyou" { type master; notify no; file "null.zone.file"; };
zone "connectionapplication.com" { type master; notify no; file "null.zone.file"; };
zone "contentgate.cam" { type master; notify no; file "null.zone.file"; };
zone "contentgate.club" { type master; notify no; file "null.zone.file"; };
zone "contentgate.fun" { type master; notify no; file "null.zone.file"; };
zone "contentgate.uno" { type master; notify no; file "null.zone.file"; };
zone "cooing.top" { type master; notify no; file "null.zone.file"; };
@ -98,7 +99,6 @@ zone "dailymedia.work" { type master; notify no; file "null.zone.file"; };
zone "dailyrep.net" { type master; notify no; file "null.zone.file"; };
zone "degreenm.top" { type master; notify no; file "null.zone.file"; };
zone "delightcmain.xyz" { type master; notify no; file "null.zone.file"; };
zone "desixxx.cloud" { type master; notify no; file "null.zone.file"; };
zone "digitalinvest.news" { type master; notify no; file "null.zone.file"; };
zone "displayfriend.xyz" { type master; notify no; file "null.zone.file"; };
zone "ditvl.com" { type master; notify no; file "null.zone.file"; };
@ -263,10 +263,9 @@ zone "loadgreatly-bestadvancedfile.best" { type master; notify no; file "null.zo
zone "loadgreatly-bestquickfile.best" { type master; notify no; file "null.zone.file"; };
zone "loadgreatly-bestrenewedfile.best" { type master; notify no; file "null.zone.file"; };
zone "loadheavily-bestfreefile.best" { type master; notify no; file "null.zone.file"; };
zone "loadrecentoverlyfile.digital" { type master; notify no; file "null.zone.file"; };
zone "loadpreciseuberfile.digital" { type master; notify no; file "null.zone.file"; };
zone "loadrefineduberfile.digital" { type master; notify no; file "null.zone.file"; };
zone "loadsophisticateduberfile.digital" { type master; notify no; file "null.zone.file"; };
zone "loaduberprecisefile.digital" { type master; notify no; file "null.zone.file"; };
zone "loaduberspeedyfile.digital" { type master; notify no; file "null.zone.file"; };
zone "locationtracker.services" { type master; notify no; file "null.zone.file"; };
zone "loosefit.info" { type master; notify no; file "null.zone.file"; };
@ -321,6 +320,7 @@ zone "official-prize-national-random.cyou" { type master; notify no; file "null.
zone "officialprizenationalrandom.cyou" { type master; notify no; file "null.zone.file"; };
zone "onegowc.pw" { type master; notify no; file "null.zone.file"; };
zone "online-survey.org" { type master; notify no; file "null.zone.file"; };
zone "onlinecinema.eu" { type master; notify no; file "null.zone.file"; };
zone "onlineprizesuperpromotion.cyou" { type master; notify no; file "null.zone.file"; };
zone "operatecompletely-theprecisefile.best" { type master; notify no; file "null.zone.file"; };
zone "operatecompletely-thespeedyfile.best" { type master; notify no; file "null.zone.file"; };
@ -454,6 +454,7 @@ zone "score-monitoring.xyz" { type master; notify no; file "null.zone.file"; };
zone "search-tool.net" { type master; notify no; file "null.zone.file"; };
zone "search-trends.co" { type master; notify no; file "null.zone.file"; };
zone "searchfeed.co" { type master; notify no; file "null.zone.file"; };
zone "seasoned.co" { type master; notify no; file "null.zone.file"; };
zone "sec-alert.xyz" { type master; notify no; file "null.zone.file"; };
zone "sec-alerts.xyz" { type master; notify no; file "null.zone.file"; };
zone "sec-monitoring.xyz" { type master; notify no; file "null.zone.file"; };
@ -465,6 +466,7 @@ zone "seemlast.monster" { type master; notify no; file "null.zone.file"; };
zone "selfradiance.info" { type master; notify no; file "null.zone.file"; };
zone "service-care.space" { type master; notify no; file "null.zone.file"; };
zone "shkshk.site" { type master; notify no; file "null.zone.file"; };
zone "shopnsave.world" { type master; notify no; file "null.zone.file"; };
zone "shoppingexp.xyz" { type master; notify no; file "null.zone.file"; };
zone "spotplanetc.xyz" { type master; notify no; file "null.zone.file"; };
zone "spotplanetd.xyz" { type master; notify no; file "null.zone.file"; };
@ -553,6 +555,7 @@ zone "thehealthpedia.info" { type master; notify no; file "null.zone.file"; };
zone "thehealthystyle.info" { type master; notify no; file "null.zone.file"; };
zone "thehealthyvibe.info" { type master; notify no; file "null.zone.file"; };
zone "thehotshot.info" { type master; notify no; file "null.zone.file"; };
zone "thelastpicture.show" { type master; notify no; file "null.zone.file"; };
zone "thenewjourney.info" { type master; notify no; file "null.zone.file"; };
zone "thepackage.club" { type master; notify no; file "null.zone.file"; };
zone "thesafestplayerlinks.work" { type master; notify no; file "null.zone.file"; };
@ -604,7 +607,6 @@ zone "wellnessgram.info" { type master; notify no; file "null.zone.file"; };
zone "wellnessplum.info" { type master; notify no; file "null.zone.file"; };
zone "wherentlybrane.site" { type master; notify no; file "null.zone.file"; };
zone "worldwideofficialrewardssuper.cyou" { type master; notify no; file "null.zone.file"; };
zone "wowlifestyle.info" { type master; notify no; file "null.zone.file"; };
zone "youngleaf.biz" { type master; notify no; file "null.zone.file"; };
zone "yourbestlinkupgrade.info" { type master; notify no; file "null.zone.file"; };
zone "yourbestlinkupgrades.info" { type master; notify no; file "null.zone.file"; };
@ -618,6 +620,7 @@ zone "yourlegendaryplaceupgrades.info" { type master; notify no; file "null.zone
zone "yourlegendaryplaceupgrading.work" { type master; notify no; file "null.zone.file"; };
zone "yourlegendaryplayerupdate.work" { type master; notify no; file "null.zone.file"; };
zone "yourlegendaryplayerupdating.work" { type master; notify no; file "null.zone.file"; };
zone "yourlegendarysystemsupgrade.work" { type master; notify no; file "null.zone.file"; };
zone "yourlegendaryvideoupgrades.info" { type master; notify no; file "null.zone.file"; };
zone "yourlegendaryvideoupgrading.info" { type master; notify no; file "null.zone.file"; };
zone "yourlinkplaceupdatingfree.work" { type master; notify no; file "null.zone.file"; };

13
dist/pup-filter-dnsmasq.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains dnsmasq Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@ address=/congrats-lucky-giveaway-smart.cyou/0.0.0.0
address=/congratsluckygiveawaysmart.cyou/0.0.0.0
address=/connectionapplication.com/0.0.0.0
address=/contentgate.cam/0.0.0.0
address=/contentgate.club/0.0.0.0
address=/contentgate.fun/0.0.0.0
address=/contentgate.uno/0.0.0.0
address=/cooing.top/0.0.0.0
@ -98,7 +99,6 @@ address=/dailymedia.work/0.0.0.0
address=/dailyrep.net/0.0.0.0
address=/degreenm.top/0.0.0.0
address=/delightcmain.xyz/0.0.0.0
address=/desixxx.cloud/0.0.0.0
address=/digitalinvest.news/0.0.0.0
address=/displayfriend.xyz/0.0.0.0
address=/ditvl.com/0.0.0.0
@ -263,10 +263,9 @@ address=/loadgreatly-bestadvancedfile.best/0.0.0.0
address=/loadgreatly-bestquickfile.best/0.0.0.0
address=/loadgreatly-bestrenewedfile.best/0.0.0.0
address=/loadheavily-bestfreefile.best/0.0.0.0
address=/loadrecentoverlyfile.digital/0.0.0.0
address=/loadpreciseuberfile.digital/0.0.0.0
address=/loadrefineduberfile.digital/0.0.0.0
address=/loadsophisticateduberfile.digital/0.0.0.0
address=/loaduberprecisefile.digital/0.0.0.0
address=/loaduberspeedyfile.digital/0.0.0.0
address=/locationtracker.services/0.0.0.0
address=/loosefit.info/0.0.0.0
@ -321,6 +320,7 @@ address=/official-prize-national-random.cyou/0.0.0.0
address=/officialprizenationalrandom.cyou/0.0.0.0
address=/onegowc.pw/0.0.0.0
address=/online-survey.org/0.0.0.0
address=/onlinecinema.eu/0.0.0.0
address=/onlineprizesuperpromotion.cyou/0.0.0.0
address=/operatecompletely-theprecisefile.best/0.0.0.0
address=/operatecompletely-thespeedyfile.best/0.0.0.0
@ -454,6 +454,7 @@ address=/score-monitoring.xyz/0.0.0.0
address=/search-tool.net/0.0.0.0
address=/search-trends.co/0.0.0.0
address=/searchfeed.co/0.0.0.0
address=/seasoned.co/0.0.0.0
address=/sec-alert.xyz/0.0.0.0
address=/sec-alerts.xyz/0.0.0.0
address=/sec-monitoring.xyz/0.0.0.0
@ -465,6 +466,7 @@ address=/seemlast.monster/0.0.0.0
address=/selfradiance.info/0.0.0.0
address=/service-care.space/0.0.0.0
address=/shkshk.site/0.0.0.0
address=/shopnsave.world/0.0.0.0
address=/shoppingexp.xyz/0.0.0.0
address=/spotplanetc.xyz/0.0.0.0
address=/spotplanetd.xyz/0.0.0.0
@ -553,6 +555,7 @@ address=/thehealthpedia.info/0.0.0.0
address=/thehealthystyle.info/0.0.0.0
address=/thehealthyvibe.info/0.0.0.0
address=/thehotshot.info/0.0.0.0
address=/thelastpicture.show/0.0.0.0
address=/thenewjourney.info/0.0.0.0
address=/thepackage.club/0.0.0.0
address=/thesafestplayerlinks.work/0.0.0.0
@ -604,7 +607,6 @@ address=/wellnessgram.info/0.0.0.0
address=/wellnessplum.info/0.0.0.0
address=/wherentlybrane.site/0.0.0.0
address=/worldwideofficialrewardssuper.cyou/0.0.0.0
address=/wowlifestyle.info/0.0.0.0
address=/youngleaf.biz/0.0.0.0
address=/yourbestlinkupgrade.info/0.0.0.0
address=/yourbestlinkupgrades.info/0.0.0.0
@ -618,6 +620,7 @@ address=/yourlegendaryplaceupgrades.info/0.0.0.0
address=/yourlegendaryplaceupgrading.work/0.0.0.0
address=/yourlegendaryplayerupdate.work/0.0.0.0
address=/yourlegendaryplayerupdating.work/0.0.0.0
address=/yourlegendarysystemsupgrade.work/0.0.0.0
address=/yourlegendaryvideoupgrades.info/0.0.0.0
address=/yourlegendaryvideoupgrading.info/0.0.0.0
address=/yourlinkplaceupdatingfree.work/0.0.0.0

13
dist/pup-filter-domains.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@ congrats-lucky-giveaway-smart.cyou
congratsluckygiveawaysmart.cyou
connectionapplication.com
contentgate.cam
contentgate.club
contentgate.fun
contentgate.uno
cooing.top
@ -98,7 +99,6 @@ dailymedia.work
dailyrep.net
degreenm.top
delightcmain.xyz
desixxx.cloud
digitalinvest.news
displayfriend.xyz
ditvl.com
@ -263,10 +263,9 @@ loadgreatly-bestadvancedfile.best
loadgreatly-bestquickfile.best
loadgreatly-bestrenewedfile.best
loadheavily-bestfreefile.best
loadrecentoverlyfile.digital
loadpreciseuberfile.digital
loadrefineduberfile.digital
loadsophisticateduberfile.digital
loaduberprecisefile.digital
loaduberspeedyfile.digital
locationtracker.services
loosefit.info
@ -321,6 +320,7 @@ official-prize-national-random.cyou
officialprizenationalrandom.cyou
onegowc.pw
online-survey.org
onlinecinema.eu
onlineprizesuperpromotion.cyou
operatecompletely-theprecisefile.best
operatecompletely-thespeedyfile.best
@ -454,6 +454,7 @@ score-monitoring.xyz
search-tool.net
search-trends.co
searchfeed.co
seasoned.co
sec-alert.xyz
sec-alerts.xyz
sec-monitoring.xyz
@ -465,6 +466,7 @@ seemlast.monster
selfradiance.info
service-care.space
shkshk.site
shopnsave.world
shoppingexp.xyz
spotplanetc.xyz
spotplanetd.xyz
@ -553,6 +555,7 @@ thehealthpedia.info
thehealthystyle.info
thehealthyvibe.info
thehotshot.info
thelastpicture.show
thenewjourney.info
thepackage.club
thesafestplayerlinks.work
@ -604,7 +607,6 @@ wellnessgram.info
wellnessplum.info
wherentlybrane.site
worldwideofficialrewardssuper.cyou
wowlifestyle.info
youngleaf.biz
yourbestlinkupgrade.info
yourbestlinkupgrades.info
@ -618,6 +620,7 @@ yourlegendaryplaceupgrades.info
yourlegendaryplaceupgrading.work
yourlegendaryplayerupdate.work
yourlegendaryplayerupdating.work
yourlegendarysystemsupgrade.work
yourlegendaryvideoupgrades.info
yourlegendaryvideoupgrading.info
yourlinkplaceupdatingfree.work

13
dist/pup-filter-hosts.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Hosts Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@
0.0.0.0 congratsluckygiveawaysmart.cyou
0.0.0.0 connectionapplication.com
0.0.0.0 contentgate.cam
0.0.0.0 contentgate.club
0.0.0.0 contentgate.fun
0.0.0.0 contentgate.uno
0.0.0.0 cooing.top
@ -98,7 +99,6 @@
0.0.0.0 dailyrep.net
0.0.0.0 degreenm.top
0.0.0.0 delightcmain.xyz
0.0.0.0 desixxx.cloud
0.0.0.0 digitalinvest.news
0.0.0.0 displayfriend.xyz
0.0.0.0 ditvl.com
@ -263,10 +263,9 @@
0.0.0.0 loadgreatly-bestquickfile.best
0.0.0.0 loadgreatly-bestrenewedfile.best
0.0.0.0 loadheavily-bestfreefile.best
0.0.0.0 loadrecentoverlyfile.digital
0.0.0.0 loadpreciseuberfile.digital
0.0.0.0 loadrefineduberfile.digital
0.0.0.0 loadsophisticateduberfile.digital
0.0.0.0 loaduberprecisefile.digital
0.0.0.0 loaduberspeedyfile.digital
0.0.0.0 locationtracker.services
0.0.0.0 loosefit.info
@ -321,6 +320,7 @@
0.0.0.0 officialprizenationalrandom.cyou
0.0.0.0 onegowc.pw
0.0.0.0 online-survey.org
0.0.0.0 onlinecinema.eu
0.0.0.0 onlineprizesuperpromotion.cyou
0.0.0.0 operatecompletely-theprecisefile.best
0.0.0.0 operatecompletely-thespeedyfile.best
@ -454,6 +454,7 @@
0.0.0.0 search-tool.net
0.0.0.0 search-trends.co
0.0.0.0 searchfeed.co
0.0.0.0 seasoned.co
0.0.0.0 sec-alert.xyz
0.0.0.0 sec-alerts.xyz
0.0.0.0 sec-monitoring.xyz
@ -465,6 +466,7 @@
0.0.0.0 selfradiance.info
0.0.0.0 service-care.space
0.0.0.0 shkshk.site
0.0.0.0 shopnsave.world
0.0.0.0 shoppingexp.xyz
0.0.0.0 spotplanetc.xyz
0.0.0.0 spotplanetd.xyz
@ -553,6 +555,7 @@
0.0.0.0 thehealthystyle.info
0.0.0.0 thehealthyvibe.info
0.0.0.0 thehotshot.info
0.0.0.0 thelastpicture.show
0.0.0.0 thenewjourney.info
0.0.0.0 thepackage.club
0.0.0.0 thesafestplayerlinks.work
@ -604,7 +607,6 @@
0.0.0.0 wellnessplum.info
0.0.0.0 wherentlybrane.site
0.0.0.0 worldwideofficialrewardssuper.cyou
0.0.0.0 wowlifestyle.info
0.0.0.0 youngleaf.biz
0.0.0.0 yourbestlinkupgrade.info
0.0.0.0 yourbestlinkupgrades.info
@ -618,6 +620,7 @@
0.0.0.0 yourlegendaryplaceupgrading.work
0.0.0.0 yourlegendaryplayerupdate.work
0.0.0.0 yourlegendaryplayerupdating.work
0.0.0.0 yourlegendarysystemsupgrade.work
0.0.0.0 yourlegendaryvideoupgrades.info
0.0.0.0 yourlegendaryvideoupgrading.info
0.0.0.0 yourlinkplaceupdatingfree.work

15
dist/pup-filter-rpz.conf vendored
View File

@ -1,13 +1,13 @@
; Title: PUP Domains RPZ Blocklist
; Description: Block domains that host potentially unwanted programs (PUP)
; Updated: Thu, 20 May 2021 12:07:10 UTC
; Updated: Fri, 21 May 2021 00:06:55 UTC
; Expires: 1 day (update frequency)
; Homepage: https://gitlab.com/curben/pup-filter
; License: https://gitlab.com/curben/pup-filter#license
; Source: https://github.com/zhouhanc/malware-discoverer
$TTL 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1621512430 86400 3600 604800 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1621555615 86400 3600 604800 30
NS localhost.
123news.website CNAME .
@ -82,6 +82,7 @@ congrats-lucky-giveaway-smart.cyou CNAME .
congratsluckygiveawaysmart.cyou CNAME .
connectionapplication.com CNAME .
contentgate.cam CNAME .
contentgate.club CNAME .
contentgate.fun CNAME .
contentgate.uno CNAME .
cooing.top CNAME .
@ -103,7 +104,6 @@ dailymedia.work CNAME .
dailyrep.net CNAME .
degreenm.top CNAME .
delightcmain.xyz CNAME .
desixxx.cloud CNAME .
digitalinvest.news CNAME .
displayfriend.xyz CNAME .
ditvl.com CNAME .
@ -268,10 +268,9 @@ loadgreatly-bestadvancedfile.best CNAME .
loadgreatly-bestquickfile.best CNAME .
loadgreatly-bestrenewedfile.best CNAME .
loadheavily-bestfreefile.best CNAME .
loadrecentoverlyfile.digital CNAME .
loadpreciseuberfile.digital CNAME .
loadrefineduberfile.digital CNAME .
loadsophisticateduberfile.digital CNAME .
loaduberprecisefile.digital CNAME .
loaduberspeedyfile.digital CNAME .
locationtracker.services CNAME .
loosefit.info CNAME .
@ -326,6 +325,7 @@ official-prize-national-random.cyou CNAME .
officialprizenationalrandom.cyou CNAME .
onegowc.pw CNAME .
online-survey.org CNAME .
onlinecinema.eu CNAME .
onlineprizesuperpromotion.cyou CNAME .
operatecompletely-theprecisefile.best CNAME .
operatecompletely-thespeedyfile.best CNAME .
@ -459,6 +459,7 @@ score-monitoring.xyz CNAME .
search-tool.net CNAME .
search-trends.co CNAME .
searchfeed.co CNAME .
seasoned.co CNAME .
sec-alert.xyz CNAME .
sec-alerts.xyz CNAME .
sec-monitoring.xyz CNAME .
@ -470,6 +471,7 @@ seemlast.monster CNAME .
selfradiance.info CNAME .
service-care.space CNAME .
shkshk.site CNAME .
shopnsave.world CNAME .
shoppingexp.xyz CNAME .
spotplanetc.xyz CNAME .
spotplanetd.xyz CNAME .
@ -558,6 +560,7 @@ thehealthpedia.info CNAME .
thehealthystyle.info CNAME .
thehealthyvibe.info CNAME .
thehotshot.info CNAME .
thelastpicture.show CNAME .
thenewjourney.info CNAME .
thepackage.club CNAME .
thesafestplayerlinks.work CNAME .
@ -609,7 +612,6 @@ wellnessgram.info CNAME .
wellnessplum.info CNAME .
wherentlybrane.site CNAME .
worldwideofficialrewardssuper.cyou CNAME .
wowlifestyle.info CNAME .
youngleaf.biz CNAME .
yourbestlinkupgrade.info CNAME .
yourbestlinkupgrades.info CNAME .
@ -623,6 +625,7 @@ yourlegendaryplaceupgrades.info CNAME .
yourlegendaryplaceupgrading.work CNAME .
yourlegendaryplayerupdate.work CNAME .
yourlegendaryplayerupdating.work CNAME .
yourlegendarysystemsupgrade.work CNAME .
yourlegendaryvideoupgrades.info CNAME .
yourlegendaryvideoupgrading.info CNAME .
yourlinkplaceupdatingfree.work CNAME .

515
dist/pup-filter-snort2.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort2 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -77,28 +77,28 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"congratsluckygiveawaysmart.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000070; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connectionapplication.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000071; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000072; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.uno"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cooing.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitor.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-resources.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptotradingcourses.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptounlimited.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cs-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cselfconnect.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curesector.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.surf"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyrep.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"degreenm.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"delightcmain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"desixxx.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.uno"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cooing.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitor.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-resources.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptotradingcourses.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptounlimited.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cs-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cselfconnect.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curesector.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.surf"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailymedia.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyrep.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"degreenm.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"delightcmain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"digitalinvest.news"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"displayfriend.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ditvl.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
@ -263,64 +263,64 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatly-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatly-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadheavily-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrecentoverlyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadpreciseuberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrefineduberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadsophisticateduberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaduberprecisefile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaduberspeedyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"locationtracker.services"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loosefit.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"louisvillegigs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loveorfun.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckjackcasino.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"madpandatv.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"majorhealthpro.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"makemesafeios.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"managestrong-theuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"manageuber-thenewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"manageuber-therecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"manageuber-thestrongfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"manageuber-theswiftfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mapopts.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mathison.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"max-care.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.surf"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaplayer24.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medicomatic.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medicreed.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medjournalketo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medsjournal.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeryslotspin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"merryplayglobal.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"merryplayworld.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindbank.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mistraffic.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"modern-security.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"monetizer.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"monitoring-credit.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"multitax.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-credit-score.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"news-new19.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsitedowloads.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nogfw.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nosyknot.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nutrahealth.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nutrinamic.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"official-prize-national-random.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialprizenationalrandom.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onegowc.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-survey.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaduberspeedyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"locationtracker.services"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loosefit.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"louisvillegigs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loveorfun.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckjackcasino.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckymedia.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"madpandatv.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"majorhealthpro.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"makemesafeios.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"managestrong-theuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"manageuber-thenewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"manageuber-therecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"manageuber-thestrongfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"manageuber-theswiftfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mapopts.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mathison.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"max-care.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediagate.surf"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaplayer24.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medicomatic.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medicreed.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medjournalketo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"medsjournal.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeryslotspin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"merryplayglobal.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"merryplayworld.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindbank.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mistraffic.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"modern-security.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"monetizer.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"monitoring-credit.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"multitax.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"my-credit-score.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"news-new19.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsitedowloads.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nogfw.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nosyknot.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nutrahealth.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nutrinamic.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"official-prize-national-random.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialprizenationalrandom.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onegowc.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-survey.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlinecinema.eu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprizesuperpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"operatecompletely-theprecisefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"operatecompletely-thespeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
@ -454,180 +454,183 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-tool.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000447; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-trends.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000448; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchfeed.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000449; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alert.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000450; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000451; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000452; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"second-handjam.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000453; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-made-easy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000454; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-pro.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000455; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-protection.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000456; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seemlast.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000457; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"selfradiance.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000458; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-care.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000459; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shkshk.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000460; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shoppingexp.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000461; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000462; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000463; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotspinb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000464; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotspotf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000465; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000466; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000467; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springsitea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000468; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springsitef.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000469; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stay-notified.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000470; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stingyscent.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000471; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeheavily-thefreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000472; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeheavily-thequickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000473; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeheavily-thespeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000474; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeheavily-thestrongfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000475; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storelatest-theoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000476; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storenewest-theoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000477; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeoverly-theadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000478; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeoverly-thecurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000479; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeoverly-thelatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000480; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeoverly-thenewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000481; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storerecent-theoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000482; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storespeedy-theheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000483; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeswift-theheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000484; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000485; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000486; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000487; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestnewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000488; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamfree-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000489; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000490; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000491; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000492; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000493; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000494; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000495; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamquick-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000496; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000497; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"styleandhealth.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000498; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000499; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sugar-legal-about13.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000500; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superiorcare.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000501; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superplace4upgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000502; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superplace4upgrading.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000503; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superplaceforupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000504; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey-club.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000505; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey-review.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000506; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncadvanced-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000507; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccompletely-bestoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000508; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccompletely-bestprogressivefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000509; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccompletely-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000510; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncgreatly-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000511; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncheavily-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000512; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000513; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000514; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestprogressivefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000515; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000516; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000517; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestspeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000518; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncintensely-bestprogressivefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000519; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatest-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000520; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncoriginal-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000521; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncprogressive-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000522; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncprogressive-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000523; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrenewed-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000524; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncstrong-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000525; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000526; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000527; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestprecisefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000528; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestprogressivefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000529; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestrefinedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000530; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000531; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"talskingest.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000532; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tastefulwood.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000533; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tdstraffic.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000534; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theable.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000535; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thebettercleanplayer.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000536; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thebettercleanplayers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000537; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theconnectvpn.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000538; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thecryptomoney.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000539; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thefatburner.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000540; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thefitproject.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000541; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthcurve.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000542; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthcycle.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000543; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthgo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000544; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthpedia.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000545; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthystyle.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000546; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthyvibe.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000547; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehotshot.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000548; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thenewjourney.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000549; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thepackage.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000550; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thesafestplayerlinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000551; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thesafestreliablelink.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000552; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theslotomania.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000553; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thestablealwayssafeupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000554; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thestablegreatupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000555; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thestablegreatupgrades.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000556; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thrillqueen.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000557; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"toovolution.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000558; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"topnotchsports.tips"; content:"Host"; http_header; classtype:web-application-activity; sid:300000559; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trafficbounce.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000560; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trafficgate.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000561; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trane.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000562; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trktraf.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000563; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trkvpn.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000564; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tryoneshot-keto.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000565; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"uclaimrewards.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000566; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"unequalfaucet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000567; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniremedy.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000568; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitehealth.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000569; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upbeatcboulevard.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000570; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upbeatmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000571; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upbeatmway.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000572; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatecurrent-thegreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000573; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updategreatly-thecurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000574; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updategreatly-thenewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000575; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updategreatly-therecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000576; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatelatest-thegreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000577; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updaterecent-thegreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000578; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upmakesite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000579; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplayglobal.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000580; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vexearth.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000581; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"viral-surveys.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000582; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"viralarticles.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000583; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vital-health.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000584; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vitalrole.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000585; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn-pro.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000586; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn1aprotectplus.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000587; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnadefenceplus.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000588; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpntool.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000589; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnupdatesnow.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000590; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000591; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"website4all.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000592; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"websiteforall.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000593; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"websitetoget.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000594; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtip.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000595; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellnessgram.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000596; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellnessplum.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000597; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wherentlybrane.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000598; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialrewardssuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000599; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wowlifestyle.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000600; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"youngleaf.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000601; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000602; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000603; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrading.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000604; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestvideoconnection.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000605; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestvideoconnections.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000606; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbettercleanplayer.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000607; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbettercleanplayers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000608; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000609; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000610; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrading.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000611; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplayerupdate.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000612; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplayerupdating.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000613; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryvideoupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000614; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryvideoupgrading.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000615; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000616; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestplayerlink.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000617; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestreliablelink.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000618; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafeststablelink.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000619; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafeststablelinks.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000620; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafesystemsupdating.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000621; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourstablegreatupdate.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000622; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourstablegreatupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000623; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourtechplaceforupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000624; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourultimateperfectupgrades.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000625; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ysfetinora.tk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000626; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seasoned.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000450; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alert.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000451; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000452; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000453; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"second-handjam.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000454; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-made-easy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000455; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-pro.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000456; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-protection.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000457; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seemlast.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000458; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"selfradiance.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000459; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-care.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000460; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shkshk.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000461; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000462; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shoppingexp.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000463; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000464; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000465; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotspinb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000466; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotspotf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000467; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000468; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000469; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springsitea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000470; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springsitef.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000471; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stay-notified.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000472; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stingyscent.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000473; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeheavily-thefreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000474; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeheavily-thequickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000475; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeheavily-thespeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000476; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeheavily-thestrongfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000477; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storelatest-theoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000478; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storenewest-theoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000479; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeoverly-theadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000480; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeoverly-thecurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000481; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeoverly-thelatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000482; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeoverly-thenewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000483; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storerecent-theoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000484; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storespeedy-theheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000485; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"storeswift-theheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000486; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000487; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000488; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000489; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestnewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000490; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamfree-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000491; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000492; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000493; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000494; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000495; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000496; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000497; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamquick-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000498; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000499; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"styleandhealth.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000500; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000501; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sugar-legal-about13.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000502; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superiorcare.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000503; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superplace4upgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000504; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superplace4upgrading.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000505; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superplaceforupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000506; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey-club.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000507; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"survey-review.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000508; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncadvanced-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000509; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccompletely-bestoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000510; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccompletely-bestprogressivefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000511; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccompletely-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000512; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncgreatly-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000513; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncheavily-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000514; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000515; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000516; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestprogressivefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000517; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000518; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000519; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synchighly-bestspeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000520; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncintensely-bestprogressivefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000521; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatest-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000522; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncoriginal-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000523; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncprogressive-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000524; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncprogressive-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000525; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrenewed-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000526; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncstrong-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000527; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000528; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000529; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestprecisefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000530; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestprogressivefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000531; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestrefinedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000532; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncuber-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000533; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"talskingest.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000534; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tastefulwood.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000535; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tdstraffic.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000536; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theable.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000537; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thebettercleanplayer.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000538; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thebettercleanplayers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000539; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theconnectvpn.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000540; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thecryptomoney.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000541; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thefatburner.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000542; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thefitproject.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000543; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthcurve.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000544; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthcycle.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000545; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthgo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000546; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthpedia.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000547; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthystyle.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000548; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehealthyvibe.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000549; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thehotshot.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000550; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000551; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thenewjourney.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000552; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thepackage.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000553; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thesafestplayerlinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000554; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thesafestreliablelink.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000555; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theslotomania.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000556; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thestablealwayssafeupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000557; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thestablegreatupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000558; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thestablegreatupgrades.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000559; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thrillqueen.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000560; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"toovolution.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000561; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"topnotchsports.tips"; content:"Host"; http_header; classtype:web-application-activity; sid:300000562; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trafficbounce.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000563; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trafficgate.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000564; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trane.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000565; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trktraf.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000566; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trkvpn.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000567; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tryoneshot-keto.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000568; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"uclaimrewards.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000569; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"unequalfaucet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000570; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"uniremedy.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000571; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitehealth.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000572; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upbeatcboulevard.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000573; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upbeatmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000574; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upbeatmway.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000575; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatecurrent-thegreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000576; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updategreatly-thecurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000577; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updategreatly-thenewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000578; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updategreatly-therecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000579; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatelatest-thegreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000580; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updaterecent-thegreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000581; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upmakesite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000582; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplayglobal.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000583; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vexearth.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000584; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"viral-surveys.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000585; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"viralarticles.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000586; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vital-health.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000587; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vitalrole.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000588; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn-pro.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000589; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn1aprotectplus.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000590; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnadefenceplus.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000591; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpntool.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000592; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnupdatesnow.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000593; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000594; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"website4all.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000595; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"websiteforall.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000596; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"websitetoget.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000597; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtip.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000598; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellnessgram.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000599; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellnessplum.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000600; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wherentlybrane.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000601; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialrewardssuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000602; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"youngleaf.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000603; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000604; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000605; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrading.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000606; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestvideoconnection.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000607; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestvideoconnections.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000608; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbettercleanplayer.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000609; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbettercleanplayers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000610; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000611; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000612; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrading.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000613; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplayerupdate.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000614; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplayerupdating.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000615; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000616; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryvideoupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000617; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryvideoupgrading.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000618; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000619; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestplayerlink.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000620; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestreliablelink.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000621; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafeststablelink.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000622; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafeststablelinks.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000623; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafesystemsupdating.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000624; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourstablegreatupdate.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000625; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourstablegreatupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000626; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourtechplaceforupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000627; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourultimateperfectupgrades.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000628; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ysfetinora.tk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000629; rev:1;)

515
dist/pup-filter-snort3.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort3 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -77,28 +77,28 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"congratsluckygiveawaysmart.cyou",nocase; classtype:web-application-activity; sid:300000070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connectionapplication.com",nocase; classtype:web-application-activity; sid:300000071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.cam",nocase; classtype:web-application-activity; sid:300000072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.fun",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.uno",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cooing.top",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-alerts.xyz",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitor.xyz",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-resources.xyz",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cryptotradingcourses.net",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cryptounlimited.info",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cs-alerts.xyz",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cselfconnect.com",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curesector.today",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.casa",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.cyou",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.monster",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.site",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.space",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.surf",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.work",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyrep.net",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"degreenm.top",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"delightcmain.xyz",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"desixxx.cloud",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.club",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.fun",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.uno",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cooing.top",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-alerts.xyz",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitor.xyz",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-resources.xyz",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cryptotradingcourses.net",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cryptounlimited.info",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cs-alerts.xyz",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cselfconnect.com",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curesector.today",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.casa",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.cyou",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.monster",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.site",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.space",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.surf",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailymedia.work",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyrep.net",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"degreenm.top",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"delightcmain.xyz",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"digitalinvest.news",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"displayfriend.xyz",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ditvl.com",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
@ -263,64 +263,64 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatly-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatly-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadheavily-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrecentoverlyfile.digital",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadpreciseuberfile.digital",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrefineduberfile.digital",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadsophisticateduberfile.digital",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaduberprecisefile.digital",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaduberspeedyfile.digital",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"locationtracker.services",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loosefit.info",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"louisvillegigs.net",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loveorfun.cc",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckjackcasino.info",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.casa",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.cyou",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.fun",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.space",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.website",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"madpandatv.net",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"majorhealthpro.info",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"makemesafeios.com",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"managestrong-theuberfile.best",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"manageuber-thenewestfile.best",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"manageuber-therecentfile.best",nocase; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"manageuber-thestrongfile.best",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"manageuber-theswiftfile.best",nocase; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mapopts.top",nocase; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mathison.io",nocase; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"max-care.info",nocase; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.casa",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.club",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.cyou",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.fun",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.surf",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaplayer24.ml",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medicomatic.info",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medicreed.club",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medjournalketo.info",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medsjournal.info",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"meeryslotspin.xyz",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"merryplayglobal.xyz",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"merryplayworld.xyz",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindbank.ai",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mistraffic.me",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"modern-security.xyz",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"monetizer.co",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"monitoring-credit.xyz",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"multitax.xyz",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"my-credit-score.xyz",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"news-new19.net",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsitedowloads.site",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nogfw.pro",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nosyknot.xyz",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nutrahealth.info",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nutrinamic.info",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"official-prize-national-random.cyou",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"officialprizenationalrandom.cyou",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onegowc.pw",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"online-survey.org",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaduberspeedyfile.digital",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"locationtracker.services",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loosefit.info",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"louisvillegigs.net",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loveorfun.cc",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckjackcasino.info",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.casa",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.cyou",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.fun",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.space",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckymedia.website",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"madpandatv.net",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"majorhealthpro.info",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"makemesafeios.com",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"managestrong-theuberfile.best",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"manageuber-thenewestfile.best",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"manageuber-therecentfile.best",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"manageuber-thestrongfile.best",nocase; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"manageuber-theswiftfile.best",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mapopts.top",nocase; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mathison.io",nocase; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"max-care.info",nocase; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.casa",nocase; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.club",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.cyou",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.fun",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediagate.surf",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaplayer24.ml",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medicomatic.info",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medicreed.club",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medjournalketo.info",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"medsjournal.info",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"meeryslotspin.xyz",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"merryplayglobal.xyz",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"merryplayworld.xyz",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindbank.ai",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mistraffic.me",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"modern-security.xyz",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"monetizer.co",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"monitoring-credit.xyz",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"multitax.xyz",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"my-credit-score.xyz",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"news-new19.net",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsitedowloads.site",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nogfw.pro",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nosyknot.xyz",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nutrahealth.info",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nutrinamic.info",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"official-prize-national-random.cyou",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"officialprizenationalrandom.cyou",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onegowc.pw",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"online-survey.org",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlinecinema.eu",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprizesuperpromotion.cyou",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"operatecompletely-theprecisefile.best",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"operatecompletely-thespeedyfile.best",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
@ -454,180 +454,183 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-tool.net",nocase; classtype:web-application-activity; sid:300000447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-trends.co",nocase; classtype:web-application-activity; sid:300000448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchfeed.co",nocase; classtype:web-application-activity; sid:300000449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alert.xyz",nocase; classtype:web-application-activity; sid:300000450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alerts.xyz",nocase; classtype:web-application-activity; sid:300000451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"second-handjam.xyz",nocase; classtype:web-application-activity; sid:300000453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-made-easy.xyz",nocase; classtype:web-application-activity; sid:300000454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-pro.xyz",nocase; classtype:web-application-activity; sid:300000455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-protection.xyz",nocase; classtype:web-application-activity; sid:300000456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seemlast.monster",nocase; classtype:web-application-activity; sid:300000457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"selfradiance.info",nocase; classtype:web-application-activity; sid:300000458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"service-care.space",nocase; classtype:web-application-activity; sid:300000459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shkshk.site",nocase; classtype:web-application-activity; sid:300000460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shoppingexp.xyz",nocase; classtype:web-application-activity; sid:300000461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetd.xyz",nocase; classtype:web-application-activity; sid:300000463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotspinb.xyz",nocase; classtype:web-application-activity; sid:300000464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotspotf.xyz",nocase; classtype:web-application-activity; sid:300000465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetb.xyz",nocase; classtype:web-application-activity; sid:300000466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springsitea.xyz",nocase; classtype:web-application-activity; sid:300000468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springsitef.xyz",nocase; classtype:web-application-activity; sid:300000469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stay-notified.cc",nocase; classtype:web-application-activity; sid:300000470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stingyscent.xyz",nocase; classtype:web-application-activity; sid:300000471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeheavily-thefreefile.best",nocase; classtype:web-application-activity; sid:300000472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeheavily-thequickfile.best",nocase; classtype:web-application-activity; sid:300000473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeheavily-thespeedyfile.best",nocase; classtype:web-application-activity; sid:300000474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeheavily-thestrongfile.best",nocase; classtype:web-application-activity; sid:300000475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storelatest-theoverlyfile.best",nocase; classtype:web-application-activity; sid:300000476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storenewest-theoverlyfile.best",nocase; classtype:web-application-activity; sid:300000477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeoverly-theadvancedfile.best",nocase; classtype:web-application-activity; sid:300000478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeoverly-thecurrentfile.best",nocase; classtype:web-application-activity; sid:300000479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeoverly-thelatestfile.best",nocase; classtype:web-application-activity; sid:300000480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeoverly-thenewestfile.best",nocase; classtype:web-application-activity; sid:300000481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storerecent-theoverlyfile.best",nocase; classtype:web-application-activity; sid:300000482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storespeedy-theheavilyfile.best",nocase; classtype:web-application-activity; sid:300000483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeswift-theheavilyfile.best",nocase; classtype:web-application-activity; sid:300000484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestnewestfile.best",nocase; classtype:web-application-activity; sid:300000488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamfree-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamquick-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"styleandhealth.info",nocase; classtype:web-application-activity; sid:300000498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sugar-legal-about13.fun",nocase; classtype:web-application-activity; sid:300000500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superiorcare.info",nocase; classtype:web-application-activity; sid:300000501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superplace4upgrade.work",nocase; classtype:web-application-activity; sid:300000502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superplace4upgrading.work",nocase; classtype:web-application-activity; sid:300000503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superplaceforupgrade.info",nocase; classtype:web-application-activity; sid:300000504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"survey-club.club",nocase; classtype:web-application-activity; sid:300000505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"survey-review.club",nocase; classtype:web-application-activity; sid:300000506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncadvanced-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccompletely-bestoriginalfile.best",nocase; classtype:web-application-activity; sid:300000508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccompletely-bestprogressivefile.best",nocase; classtype:web-application-activity; sid:300000509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccompletely-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncgreatly-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncheavily-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestoriginalfile.best",nocase; classtype:web-application-activity; sid:300000514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestprogressivefile.best",nocase; classtype:web-application-activity; sid:300000515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestspeedyfile.best",nocase; classtype:web-application-activity; sid:300000518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncintensely-bestprogressivefile.best",nocase; classtype:web-application-activity; sid:300000519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatest-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncoriginal-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncprogressive-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncprogressive-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrenewed-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncstrong-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestoriginalfile.best",nocase; classtype:web-application-activity; sid:300000527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestprecisefile.best",nocase; classtype:web-application-activity; sid:300000528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestprogressivefile.best",nocase; classtype:web-application-activity; sid:300000529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestrefinedfile.best",nocase; classtype:web-application-activity; sid:300000530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"talskingest.top",nocase; classtype:web-application-activity; sid:300000532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tastefulwood.xyz",nocase; classtype:web-application-activity; sid:300000533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tdstraffic.xyz",nocase; classtype:web-application-activity; sid:300000534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theable.me",nocase; classtype:web-application-activity; sid:300000535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thebettercleanplayer.info",nocase; classtype:web-application-activity; sid:300000536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thebettercleanplayers.info",nocase; classtype:web-application-activity; sid:300000537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theconnectvpn.com",nocase; classtype:web-application-activity; sid:300000538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thecryptomoney.info",nocase; classtype:web-application-activity; sid:300000539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thefatburner.info",nocase; classtype:web-application-activity; sid:300000540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thefitproject.club",nocase; classtype:web-application-activity; sid:300000541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthcurve.info",nocase; classtype:web-application-activity; sid:300000542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthcycle.club",nocase; classtype:web-application-activity; sid:300000543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthgo.info",nocase; classtype:web-application-activity; sid:300000544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthpedia.info",nocase; classtype:web-application-activity; sid:300000545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthystyle.info",nocase; classtype:web-application-activity; sid:300000546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthyvibe.info",nocase; classtype:web-application-activity; sid:300000547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehotshot.info",nocase; classtype:web-application-activity; sid:300000548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thenewjourney.info",nocase; classtype:web-application-activity; sid:300000549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thepackage.club",nocase; classtype:web-application-activity; sid:300000550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thesafestplayerlinks.work",nocase; classtype:web-application-activity; sid:300000551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thesafestreliablelink.work",nocase; classtype:web-application-activity; sid:300000552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theslotomania.info",nocase; classtype:web-application-activity; sid:300000553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thestablealwayssafeupdates.work",nocase; classtype:web-application-activity; sid:300000554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thestablegreatupdates.work",nocase; classtype:web-application-activity; sid:300000555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thestablegreatupgrades.best",nocase; classtype:web-application-activity; sid:300000556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thrillqueen.xyz",nocase; classtype:web-application-activity; sid:300000557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"toovolution.club",nocase; classtype:web-application-activity; sid:300000558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"topnotchsports.tips",nocase; classtype:web-application-activity; sid:300000559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trafficbounce.net",nocase; classtype:web-application-activity; sid:300000560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trafficgate.cc",nocase; classtype:web-application-activity; sid:300000561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trane.fun",nocase; classtype:web-application-activity; sid:300000562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trktraf.club",nocase; classtype:web-application-activity; sid:300000563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trkvpn.xyz",nocase; classtype:web-application-activity; sid:300000564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tryoneshot-keto.net",nocase; classtype:web-application-activity; sid:300000565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"uclaimrewards.net",nocase; classtype:web-application-activity; sid:300000566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"unequalfaucet.xyz",nocase; classtype:web-application-activity; sid:300000567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"uniremedy.info",nocase; classtype:web-application-activity; sid:300000568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"unitehealth.club",nocase; classtype:web-application-activity; sid:300000569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upbeatcboulevard.xyz",nocase; classtype:web-application-activity; sid:300000570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upbeatmstreet.xyz",nocase; classtype:web-application-activity; sid:300000571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upbeatmway.xyz",nocase; classtype:web-application-activity; sid:300000572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatecurrent-thegreatlyfile.best",nocase; classtype:web-application-activity; sid:300000573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updategreatly-thecurrentfile.best",nocase; classtype:web-application-activity; sid:300000574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updategreatly-thenewestfile.best",nocase; classtype:web-application-activity; sid:300000575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updategreatly-therecentfile.best",nocase; classtype:web-application-activity; sid:300000576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatelatest-thegreatlyfile.best",nocase; classtype:web-application-activity; sid:300000577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updaterecent-thegreatlyfile.best",nocase; classtype:web-application-activity; sid:300000578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upmakesite.xyz",nocase; classtype:web-application-activity; sid:300000579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplayglobal.xyz",nocase; classtype:web-application-activity; sid:300000580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vexearth.xyz",nocase; classtype:web-application-activity; sid:300000581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"viral-surveys.win",nocase; classtype:web-application-activity; sid:300000582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"viralarticles.net",nocase; classtype:web-application-activity; sid:300000583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vital-health.club",nocase; classtype:web-application-activity; sid:300000584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vitalrole.info",nocase; classtype:web-application-activity; sid:300000585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn-pro.info",nocase; classtype:web-application-activity; sid:300000586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn1aprotectplus.com",nocase; classtype:web-application-activity; sid:300000587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnadefenceplus.com",nocase; classtype:web-application-activity; sid:300000588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpntool.me",nocase; classtype:web-application-activity; sid:300000589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnupdatesnow.com",nocase; classtype:web-application-activity; sid:300000590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"website4all.info",nocase; classtype:web-application-activity; sid:300000592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"websiteforall.work",nocase; classtype:web-application-activity; sid:300000593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"websitetoget.work",nocase; classtype:web-application-activity; sid:300000594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtip.co",nocase; classtype:web-application-activity; sid:300000595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wellnessgram.info",nocase; classtype:web-application-activity; sid:300000596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wellnessplum.info",nocase; classtype:web-application-activity; sid:300000597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wherentlybrane.site",nocase; classtype:web-application-activity; sid:300000598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialrewardssuper.cyou",nocase; classtype:web-application-activity; sid:300000599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wowlifestyle.info",nocase; classtype:web-application-activity; sid:300000600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"youngleaf.biz",nocase; classtype:web-application-activity; sid:300000601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrade.info",nocase; classtype:web-application-activity; sid:300000602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrades.info",nocase; classtype:web-application-activity; sid:300000603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrading.info",nocase; classtype:web-application-activity; sid:300000604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestvideoconnection.info",nocase; classtype:web-application-activity; sid:300000605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestvideoconnections.info",nocase; classtype:web-application-activity; sid:300000606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbettercleanplayer.info",nocase; classtype:web-application-activity; sid:300000607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbettercleanplayers.info",nocase; classtype:web-application-activity; sid:300000608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrade.info",nocase; classtype:web-application-activity; sid:300000609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrades.info",nocase; classtype:web-application-activity; sid:300000610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrading.work",nocase; classtype:web-application-activity; sid:300000611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplayerupdate.work",nocase; classtype:web-application-activity; sid:300000612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplayerupdating.work",nocase; classtype:web-application-activity; sid:300000613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryvideoupgrades.info",nocase; classtype:web-application-activity; sid:300000614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryvideoupgrading.info",nocase; classtype:web-application-activity; sid:300000615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestplayerlink.best",nocase; classtype:web-application-activity; sid:300000617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestreliablelink.work",nocase; classtype:web-application-activity; sid:300000618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafeststablelink.info",nocase; classtype:web-application-activity; sid:300000619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafeststablelinks.info",nocase; classtype:web-application-activity; sid:300000620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafesystemsupdating.work",nocase; classtype:web-application-activity; sid:300000621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourstablegreatupdate.work",nocase; classtype:web-application-activity; sid:300000622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourstablegreatupdates.work",nocase; classtype:web-application-activity; sid:300000623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourtechplaceforupgrades.info",nocase; classtype:web-application-activity; sid:300000624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourultimateperfectupgrades.work",nocase; classtype:web-application-activity; sid:300000625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ysfetinora.tk",nocase; classtype:web-application-activity; sid:300000626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seasoned.co",nocase; classtype:web-application-activity; sid:300000450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alert.xyz",nocase; classtype:web-application-activity; sid:300000451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alerts.xyz",nocase; classtype:web-application-activity; sid:300000452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"second-handjam.xyz",nocase; classtype:web-application-activity; sid:300000454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-made-easy.xyz",nocase; classtype:web-application-activity; sid:300000455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-pro.xyz",nocase; classtype:web-application-activity; sid:300000456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-protection.xyz",nocase; classtype:web-application-activity; sid:300000457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seemlast.monster",nocase; classtype:web-application-activity; sid:300000458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"selfradiance.info",nocase; classtype:web-application-activity; sid:300000459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"service-care.space",nocase; classtype:web-application-activity; sid:300000460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shkshk.site",nocase; classtype:web-application-activity; sid:300000461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shoppingexp.xyz",nocase; classtype:web-application-activity; sid:300000463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetd.xyz",nocase; classtype:web-application-activity; sid:300000465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotspinb.xyz",nocase; classtype:web-application-activity; sid:300000466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotspotf.xyz",nocase; classtype:web-application-activity; sid:300000467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetb.xyz",nocase; classtype:web-application-activity; sid:300000468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springsitea.xyz",nocase; classtype:web-application-activity; sid:300000470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springsitef.xyz",nocase; classtype:web-application-activity; sid:300000471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stay-notified.cc",nocase; classtype:web-application-activity; sid:300000472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stingyscent.xyz",nocase; classtype:web-application-activity; sid:300000473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeheavily-thefreefile.best",nocase; classtype:web-application-activity; sid:300000474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeheavily-thequickfile.best",nocase; classtype:web-application-activity; sid:300000475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeheavily-thespeedyfile.best",nocase; classtype:web-application-activity; sid:300000476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeheavily-thestrongfile.best",nocase; classtype:web-application-activity; sid:300000477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storelatest-theoverlyfile.best",nocase; classtype:web-application-activity; sid:300000478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storenewest-theoverlyfile.best",nocase; classtype:web-application-activity; sid:300000479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeoverly-theadvancedfile.best",nocase; classtype:web-application-activity; sid:300000480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeoverly-thecurrentfile.best",nocase; classtype:web-application-activity; sid:300000481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeoverly-thelatestfile.best",nocase; classtype:web-application-activity; sid:300000482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeoverly-thenewestfile.best",nocase; classtype:web-application-activity; sid:300000483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storerecent-theoverlyfile.best",nocase; classtype:web-application-activity; sid:300000484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storespeedy-theheavilyfile.best",nocase; classtype:web-application-activity; sid:300000485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"storeswift-theheavilyfile.best",nocase; classtype:web-application-activity; sid:300000486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestnewestfile.best",nocase; classtype:web-application-activity; sid:300000490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamfree-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamquick-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"styleandhealth.info",nocase; classtype:web-application-activity; sid:300000500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sugar-legal-about13.fun",nocase; classtype:web-application-activity; sid:300000502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superiorcare.info",nocase; classtype:web-application-activity; sid:300000503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superplace4upgrade.work",nocase; classtype:web-application-activity; sid:300000504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superplace4upgrading.work",nocase; classtype:web-application-activity; sid:300000505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superplaceforupgrade.info",nocase; classtype:web-application-activity; sid:300000506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"survey-club.club",nocase; classtype:web-application-activity; sid:300000507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"survey-review.club",nocase; classtype:web-application-activity; sid:300000508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncadvanced-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccompletely-bestoriginalfile.best",nocase; classtype:web-application-activity; sid:300000510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccompletely-bestprogressivefile.best",nocase; classtype:web-application-activity; sid:300000511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccompletely-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncgreatly-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncheavily-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestoriginalfile.best",nocase; classtype:web-application-activity; sid:300000516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestprogressivefile.best",nocase; classtype:web-application-activity; sid:300000517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synchighly-bestspeedyfile.best",nocase; classtype:web-application-activity; sid:300000520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncintensely-bestprogressivefile.best",nocase; classtype:web-application-activity; sid:300000521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatest-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncoriginal-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncprogressive-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncprogressive-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrenewed-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncstrong-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestoriginalfile.best",nocase; classtype:web-application-activity; sid:300000529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestprecisefile.best",nocase; classtype:web-application-activity; sid:300000530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestprogressivefile.best",nocase; classtype:web-application-activity; sid:300000531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestrefinedfile.best",nocase; classtype:web-application-activity; sid:300000532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncuber-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"talskingest.top",nocase; classtype:web-application-activity; sid:300000534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tastefulwood.xyz",nocase; classtype:web-application-activity; sid:300000535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tdstraffic.xyz",nocase; classtype:web-application-activity; sid:300000536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theable.me",nocase; classtype:web-application-activity; sid:300000537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thebettercleanplayer.info",nocase; classtype:web-application-activity; sid:300000538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thebettercleanplayers.info",nocase; classtype:web-application-activity; sid:300000539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theconnectvpn.com",nocase; classtype:web-application-activity; sid:300000540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thecryptomoney.info",nocase; classtype:web-application-activity; sid:300000541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thefatburner.info",nocase; classtype:web-application-activity; sid:300000542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thefitproject.club",nocase; classtype:web-application-activity; sid:300000543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthcurve.info",nocase; classtype:web-application-activity; sid:300000544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthcycle.club",nocase; classtype:web-application-activity; sid:300000545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthgo.info",nocase; classtype:web-application-activity; sid:300000546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthpedia.info",nocase; classtype:web-application-activity; sid:300000547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthystyle.info",nocase; classtype:web-application-activity; sid:300000548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehealthyvibe.info",nocase; classtype:web-application-activity; sid:300000549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thehotshot.info",nocase; classtype:web-application-activity; sid:300000550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thenewjourney.info",nocase; classtype:web-application-activity; sid:300000552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thepackage.club",nocase; classtype:web-application-activity; sid:300000553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thesafestplayerlinks.work",nocase; classtype:web-application-activity; sid:300000554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thesafestreliablelink.work",nocase; classtype:web-application-activity; sid:300000555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theslotomania.info",nocase; classtype:web-application-activity; sid:300000556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thestablealwayssafeupdates.work",nocase; classtype:web-application-activity; sid:300000557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thestablegreatupdates.work",nocase; classtype:web-application-activity; sid:300000558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thestablegreatupgrades.best",nocase; classtype:web-application-activity; sid:300000559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thrillqueen.xyz",nocase; classtype:web-application-activity; sid:300000560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"toovolution.club",nocase; classtype:web-application-activity; sid:300000561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"topnotchsports.tips",nocase; classtype:web-application-activity; sid:300000562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trafficbounce.net",nocase; classtype:web-application-activity; sid:300000563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trafficgate.cc",nocase; classtype:web-application-activity; sid:300000564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trane.fun",nocase; classtype:web-application-activity; sid:300000565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trktraf.club",nocase; classtype:web-application-activity; sid:300000566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trkvpn.xyz",nocase; classtype:web-application-activity; sid:300000567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tryoneshot-keto.net",nocase; classtype:web-application-activity; sid:300000568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"uclaimrewards.net",nocase; classtype:web-application-activity; sid:300000569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"unequalfaucet.xyz",nocase; classtype:web-application-activity; sid:300000570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"uniremedy.info",nocase; classtype:web-application-activity; sid:300000571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"unitehealth.club",nocase; classtype:web-application-activity; sid:300000572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upbeatcboulevard.xyz",nocase; classtype:web-application-activity; sid:300000573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upbeatmstreet.xyz",nocase; classtype:web-application-activity; sid:300000574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upbeatmway.xyz",nocase; classtype:web-application-activity; sid:300000575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatecurrent-thegreatlyfile.best",nocase; classtype:web-application-activity; sid:300000576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updategreatly-thecurrentfile.best",nocase; classtype:web-application-activity; sid:300000577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updategreatly-thenewestfile.best",nocase; classtype:web-application-activity; sid:300000578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updategreatly-therecentfile.best",nocase; classtype:web-application-activity; sid:300000579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatelatest-thegreatlyfile.best",nocase; classtype:web-application-activity; sid:300000580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updaterecent-thegreatlyfile.best",nocase; classtype:web-application-activity; sid:300000581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upmakesite.xyz",nocase; classtype:web-application-activity; sid:300000582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplayglobal.xyz",nocase; classtype:web-application-activity; sid:300000583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vexearth.xyz",nocase; classtype:web-application-activity; sid:300000584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"viral-surveys.win",nocase; classtype:web-application-activity; sid:300000585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"viralarticles.net",nocase; classtype:web-application-activity; sid:300000586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vital-health.club",nocase; classtype:web-application-activity; sid:300000587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vitalrole.info",nocase; classtype:web-application-activity; sid:300000588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn-pro.info",nocase; classtype:web-application-activity; sid:300000589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn1aprotectplus.com",nocase; classtype:web-application-activity; sid:300000590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnadefenceplus.com",nocase; classtype:web-application-activity; sid:300000591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpntool.me",nocase; classtype:web-application-activity; sid:300000592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnupdatesnow.com",nocase; classtype:web-application-activity; sid:300000593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"website4all.info",nocase; classtype:web-application-activity; sid:300000595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"websiteforall.work",nocase; classtype:web-application-activity; sid:300000596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"websitetoget.work",nocase; classtype:web-application-activity; sid:300000597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtip.co",nocase; classtype:web-application-activity; sid:300000598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wellnessgram.info",nocase; classtype:web-application-activity; sid:300000599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wellnessplum.info",nocase; classtype:web-application-activity; sid:300000600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wherentlybrane.site",nocase; classtype:web-application-activity; sid:300000601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialrewardssuper.cyou",nocase; classtype:web-application-activity; sid:300000602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"youngleaf.biz",nocase; classtype:web-application-activity; sid:300000603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrade.info",nocase; classtype:web-application-activity; sid:300000604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrades.info",nocase; classtype:web-application-activity; sid:300000605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrading.info",nocase; classtype:web-application-activity; sid:300000606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestvideoconnection.info",nocase; classtype:web-application-activity; sid:300000607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestvideoconnections.info",nocase; classtype:web-application-activity; sid:300000608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbettercleanplayer.info",nocase; classtype:web-application-activity; sid:300000609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbettercleanplayers.info",nocase; classtype:web-application-activity; sid:300000610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrade.info",nocase; classtype:web-application-activity; sid:300000611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrades.info",nocase; classtype:web-application-activity; sid:300000612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrading.work",nocase; classtype:web-application-activity; sid:300000613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplayerupdate.work",nocase; classtype:web-application-activity; sid:300000614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplayerupdating.work",nocase; classtype:web-application-activity; sid:300000615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryvideoupgrades.info",nocase; classtype:web-application-activity; sid:300000617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryvideoupgrading.info",nocase; classtype:web-application-activity; sid:300000618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestplayerlink.best",nocase; classtype:web-application-activity; sid:300000620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestreliablelink.work",nocase; classtype:web-application-activity; sid:300000621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafeststablelink.info",nocase; classtype:web-application-activity; sid:300000622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafeststablelinks.info",nocase; classtype:web-application-activity; sid:300000623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafesystemsupdating.work",nocase; classtype:web-application-activity; sid:300000624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourstablegreatupdate.work",nocase; classtype:web-application-activity; sid:300000625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourstablegreatupdates.work",nocase; classtype:web-application-activity; sid:300000626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourtechplaceforupgrades.info",nocase; classtype:web-application-activity; sid:300000627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourultimateperfectupgrades.work",nocase; classtype:web-application-activity; sid:300000628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ysfetinora.tk",nocase; classtype:web-application-activity; sid:300000629; rev:1;)

515
dist/pup-filter-suricata.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Suricata Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -77,28 +77,28 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"congratsluckygiveawaysmart.cyou"; classtype:web-application-activity; sid:300000070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connectionapplication.com"; classtype:web-application-activity; sid:300000071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.cam"; classtype:web-application-activity; sid:300000072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.fun"; classtype:web-application-activity; sid:300000073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.uno"; classtype:web-application-activity; sid:300000074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cooing.top"; classtype:web-application-activity; sid:300000075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-alerts.xyz"; classtype:web-application-activity; sid:300000076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitor.xyz"; classtype:web-application-activity; sid:300000077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-resources.xyz"; classtype:web-application-activity; sid:300000078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptotradingcourses.net"; classtype:web-application-activity; sid:300000079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptounlimited.info"; classtype:web-application-activity; sid:300000080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cs-alerts.xyz"; classtype:web-application-activity; sid:300000081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cselfconnect.com"; classtype:web-application-activity; sid:300000082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curesector.today"; classtype:web-application-activity; sid:300000083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.casa"; classtype:web-application-activity; sid:300000084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.cyou"; classtype:web-application-activity; sid:300000085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.monster"; classtype:web-application-activity; sid:300000086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.site"; classtype:web-application-activity; sid:300000087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.space"; classtype:web-application-activity; sid:300000088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.surf"; classtype:web-application-activity; sid:300000089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.work"; classtype:web-application-activity; sid:300000090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyrep.net"; classtype:web-application-activity; sid:300000091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"degreenm.top"; classtype:web-application-activity; sid:300000092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delightcmain.xyz"; classtype:web-application-activity; sid:300000093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desixxx.cloud"; classtype:web-application-activity; sid:300000094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.club"; classtype:web-application-activity; sid:300000073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.fun"; classtype:web-application-activity; sid:300000074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.uno"; classtype:web-application-activity; sid:300000075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cooing.top"; classtype:web-application-activity; sid:300000076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-alerts.xyz"; classtype:web-application-activity; sid:300000077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitor.xyz"; classtype:web-application-activity; sid:300000078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-resources.xyz"; classtype:web-application-activity; sid:300000079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptotradingcourses.net"; classtype:web-application-activity; sid:300000080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptounlimited.info"; classtype:web-application-activity; sid:300000081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cs-alerts.xyz"; classtype:web-application-activity; sid:300000082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cselfconnect.com"; classtype:web-application-activity; sid:300000083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curesector.today"; classtype:web-application-activity; sid:300000084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.casa"; classtype:web-application-activity; sid:300000085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.cyou"; classtype:web-application-activity; sid:300000086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.monster"; classtype:web-application-activity; sid:300000087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.site"; classtype:web-application-activity; sid:300000088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.space"; classtype:web-application-activity; sid:300000089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.surf"; classtype:web-application-activity; sid:300000090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailymedia.work"; classtype:web-application-activity; sid:300000091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyrep.net"; classtype:web-application-activity; sid:300000092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"degreenm.top"; classtype:web-application-activity; sid:300000093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delightcmain.xyz"; classtype:web-application-activity; sid:300000094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"digitalinvest.news"; classtype:web-application-activity; sid:300000095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"displayfriend.xyz"; classtype:web-application-activity; sid:300000096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ditvl.com"; classtype:web-application-activity; sid:300000097; rev:1;)
@ -263,64 +263,64 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatly-bestquickfile.best"; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatly-bestrenewedfile.best"; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadheavily-bestfreefile.best"; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrecentoverlyfile.digital"; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadpreciseuberfile.digital"; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrefineduberfile.digital"; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadsophisticateduberfile.digital"; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaduberprecisefile.digital"; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaduberspeedyfile.digital"; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"locationtracker.services"; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loosefit.info"; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"louisvillegigs.net"; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckjackcasino.info"; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.casa"; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.cyou"; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.fun"; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.space"; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.website"; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madpandatv.net"; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"majorhealthpro.info"; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"makemesafeios.com"; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"managestrong-theuberfile.best"; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-thenewestfile.best"; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-therecentfile.best"; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-thestrongfile.best"; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-theswiftfile.best"; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mapopts.top"; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mathison.io"; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"max-care.info"; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.casa"; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.club"; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.cyou"; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.fun"; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.surf"; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaplayer24.ml"; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medicomatic.info"; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medicreed.club"; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medjournalketo.info"; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medsjournal.info"; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeryslotspin.xyz"; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"merryplayglobal.xyz"; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"merryplayworld.xyz"; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindbank.ai"; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mistraffic.me"; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"modern-security.xyz"; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monetizer.co"; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monitoring-credit.xyz"; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"multitax.xyz"; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-credit-score.xyz"; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"news-new19.net"; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsitedowloads.site"; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nogfw.pro"; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nosyknot.xyz"; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nutrahealth.info"; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nutrinamic.info"; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"official-prize-national-random.cyou"; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialprizenationalrandom.cyou"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onegowc.pw"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online-survey.org"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaduberspeedyfile.digital"; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"locationtracker.services"; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loosefit.info"; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"louisvillegigs.net"; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckjackcasino.info"; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.casa"; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.cyou"; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.fun"; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.space"; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckymedia.website"; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madpandatv.net"; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"majorhealthpro.info"; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"makemesafeios.com"; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"managestrong-theuberfile.best"; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-thenewestfile.best"; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-therecentfile.best"; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-thestrongfile.best"; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-theswiftfile.best"; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mapopts.top"; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mathison.io"; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"max-care.info"; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.casa"; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.club"; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.cyou"; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.fun"; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediagate.surf"; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaplayer24.ml"; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medicomatic.info"; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medicreed.club"; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medjournalketo.info"; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medsjournal.info"; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeryslotspin.xyz"; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"merryplayglobal.xyz"; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"merryplayworld.xyz"; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindbank.ai"; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mistraffic.me"; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"modern-security.xyz"; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monetizer.co"; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monitoring-credit.xyz"; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"multitax.xyz"; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"my-credit-score.xyz"; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"news-new19.net"; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsitedowloads.site"; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nogfw.pro"; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nosyknot.xyz"; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nutrahealth.info"; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nutrinamic.info"; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"official-prize-national-random.cyou"; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialprizenationalrandom.cyou"; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onegowc.pw"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online-survey.org"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlinecinema.eu"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprizesuperpromotion.cyou"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatecompletely-theprecisefile.best"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatecompletely-thespeedyfile.best"; classtype:web-application-activity; sid:300000319; rev:1;)
@ -454,180 +454,183 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-tool.net"; classtype:web-application-activity; sid:300000447; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-trends.co"; classtype:web-application-activity; sid:300000448; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchfeed.co"; classtype:web-application-activity; sid:300000449; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alerts.xyz"; classtype:web-application-activity; sid:300000451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-monitoring.xyz"; classtype:web-application-activity; sid:300000452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"second-handjam.xyz"; classtype:web-application-activity; sid:300000453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-made-easy.xyz"; classtype:web-application-activity; sid:300000454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-pro.xyz"; classtype:web-application-activity; sid:300000455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-protection.xyz"; classtype:web-application-activity; sid:300000456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selfradiance.info"; classtype:web-application-activity; sid:300000458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-care.space"; classtype:web-application-activity; sid:300000459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shkshk.site"; classtype:web-application-activity; sid:300000460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shoppingexp.xyz"; classtype:web-application-activity; sid:300000461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetd.xyz"; classtype:web-application-activity; sid:300000463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotspinb.xyz"; classtype:web-application-activity; sid:300000464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotspotf.xyz"; classtype:web-application-activity; sid:300000465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetb.xyz"; classtype:web-application-activity; sid:300000466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springsitea.xyz"; classtype:web-application-activity; sid:300000468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springsitef.xyz"; classtype:web-application-activity; sid:300000469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stay-notified.cc"; classtype:web-application-activity; sid:300000470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stingyscent.xyz"; classtype:web-application-activity; sid:300000471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thefreefile.best"; classtype:web-application-activity; sid:300000472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thequickfile.best"; classtype:web-application-activity; sid:300000473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thespeedyfile.best"; classtype:web-application-activity; sid:300000474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thestrongfile.best"; classtype:web-application-activity; sid:300000475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storelatest-theoverlyfile.best"; classtype:web-application-activity; sid:300000476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storenewest-theoverlyfile.best"; classtype:web-application-activity; sid:300000477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-theadvancedfile.best"; classtype:web-application-activity; sid:300000478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thecurrentfile.best"; classtype:web-application-activity; sid:300000479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thelatestfile.best"; classtype:web-application-activity; sid:300000480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thenewestfile.best"; classtype:web-application-activity; sid:300000481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storerecent-theoverlyfile.best"; classtype:web-application-activity; sid:300000482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storespeedy-theheavilyfile.best"; classtype:web-application-activity; sid:300000483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeswift-theheavilyfile.best"; classtype:web-application-activity; sid:300000484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestnewestfile.best"; classtype:web-application-activity; sid:300000488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamfree-bestmostfile.best"; classtype:web-application-activity; sid:300000489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestlatestfile.best"; classtype:web-application-activity; sid:300000492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestquickfile.best"; classtype:web-application-activity; sid:300000493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestoverlyfile.best"; classtype:web-application-activity; sid:300000495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamquick-bestmostfile.best"; classtype:web-application-activity; sid:300000496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestintenselyfile.best"; classtype:web-application-activity; sid:300000497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"styleandhealth.info"; classtype:web-application-activity; sid:300000498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sugar-legal-about13.fun"; classtype:web-application-activity; sid:300000500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superiorcare.info"; classtype:web-application-activity; sid:300000501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superplace4upgrade.work"; classtype:web-application-activity; sid:300000502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superplace4upgrading.work"; classtype:web-application-activity; sid:300000503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superplaceforupgrade.info"; classtype:web-application-activity; sid:300000504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey-club.club"; classtype:web-application-activity; sid:300000505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey-review.club"; classtype:web-application-activity; sid:300000506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncadvanced-bestuberfile.best"; classtype:web-application-activity; sid:300000507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccompletely-bestoriginalfile.best"; classtype:web-application-activity; sid:300000508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccompletely-bestprogressivefile.best"; classtype:web-application-activity; sid:300000509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccompletely-bestrecentfile.best"; classtype:web-application-activity; sid:300000510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncgreatly-bestrenewedfile.best"; classtype:web-application-activity; sid:300000511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncheavily-bestlatestfile.best"; classtype:web-application-activity; sid:300000512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestfreefile.best"; classtype:web-application-activity; sid:300000513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestoriginalfile.best"; classtype:web-application-activity; sid:300000514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestprogressivefile.best"; classtype:web-application-activity; sid:300000515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestrecentfile.best"; classtype:web-application-activity; sid:300000516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestspeedyfile.best"; classtype:web-application-activity; sid:300000518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncintensely-bestprogressivefile.best"; classtype:web-application-activity; sid:300000519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatest-bestuberfile.best"; classtype:web-application-activity; sid:300000520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncoriginal-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncprogressive-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncprogressive-besthighlyfile.best"; classtype:web-application-activity; sid:300000523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrenewed-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncstrong-bestextremelyfile.best"; classtype:web-application-activity; sid:300000525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestlatestfile.best"; classtype:web-application-activity; sid:300000526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestoriginalfile.best"; classtype:web-application-activity; sid:300000527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestprecisefile.best"; classtype:web-application-activity; sid:300000528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestprogressivefile.best"; classtype:web-application-activity; sid:300000529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestrefinedfile.best"; classtype:web-application-activity; sid:300000530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"talskingest.top"; classtype:web-application-activity; sid:300000532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tastefulwood.xyz"; classtype:web-application-activity; sid:300000533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tdstraffic.xyz"; classtype:web-application-activity; sid:300000534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theable.me"; classtype:web-application-activity; sid:300000535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thebettercleanplayer.info"; classtype:web-application-activity; sid:300000536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thebettercleanplayers.info"; classtype:web-application-activity; sid:300000537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theconnectvpn.com"; classtype:web-application-activity; sid:300000538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thecryptomoney.info"; classtype:web-application-activity; sid:300000539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thefatburner.info"; classtype:web-application-activity; sid:300000540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thefitproject.club"; classtype:web-application-activity; sid:300000541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthcurve.info"; classtype:web-application-activity; sid:300000542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthcycle.club"; classtype:web-application-activity; sid:300000543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthgo.info"; classtype:web-application-activity; sid:300000544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthpedia.info"; classtype:web-application-activity; sid:300000545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthystyle.info"; classtype:web-application-activity; sid:300000546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthyvibe.info"; classtype:web-application-activity; sid:300000547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehotshot.info"; classtype:web-application-activity; sid:300000548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thenewjourney.info"; classtype:web-application-activity; sid:300000549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thepackage.club"; classtype:web-application-activity; sid:300000550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thesafestplayerlinks.work"; classtype:web-application-activity; sid:300000551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thesafestreliablelink.work"; classtype:web-application-activity; sid:300000552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theslotomania.info"; classtype:web-application-activity; sid:300000553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thestablealwayssafeupdates.work"; classtype:web-application-activity; sid:300000554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thestablegreatupdates.work"; classtype:web-application-activity; sid:300000555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thestablegreatupgrades.best"; classtype:web-application-activity; sid:300000556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thrillqueen.xyz"; classtype:web-application-activity; sid:300000557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toovolution.club"; classtype:web-application-activity; sid:300000558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topnotchsports.tips"; classtype:web-application-activity; sid:300000559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficbounce.net"; classtype:web-application-activity; sid:300000560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficgate.cc"; classtype:web-application-activity; sid:300000561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trane.fun"; classtype:web-application-activity; sid:300000562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trktraf.club"; classtype:web-application-activity; sid:300000563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trkvpn.xyz"; classtype:web-application-activity; sid:300000564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tryoneshot-keto.net"; classtype:web-application-activity; sid:300000565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uclaimrewards.net"; classtype:web-application-activity; sid:300000566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unequalfaucet.xyz"; classtype:web-application-activity; sid:300000567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniremedy.info"; classtype:web-application-activity; sid:300000568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitehealth.club"; classtype:web-application-activity; sid:300000569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatcboulevard.xyz"; classtype:web-application-activity; sid:300000570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatmstreet.xyz"; classtype:web-application-activity; sid:300000571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatmway.xyz"; classtype:web-application-activity; sid:300000572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatecurrent-thegreatlyfile.best"; classtype:web-application-activity; sid:300000573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-thecurrentfile.best"; classtype:web-application-activity; sid:300000574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-thenewestfile.best"; classtype:web-application-activity; sid:300000575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-therecentfile.best"; classtype:web-application-activity; sid:300000576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatelatest-thegreatlyfile.best"; classtype:web-application-activity; sid:300000577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updaterecent-thegreatlyfile.best"; classtype:web-application-activity; sid:300000578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upmakesite.xyz"; classtype:web-application-activity; sid:300000579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplayglobal.xyz"; classtype:web-application-activity; sid:300000580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vexearth.xyz"; classtype:web-application-activity; sid:300000581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viral-surveys.win"; classtype:web-application-activity; sid:300000582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viralarticles.net"; classtype:web-application-activity; sid:300000583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vital-health.club"; classtype:web-application-activity; sid:300000584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vitalrole.info"; classtype:web-application-activity; sid:300000585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn-pro.info"; classtype:web-application-activity; sid:300000586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn1aprotectplus.com"; classtype:web-application-activity; sid:300000587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnadefenceplus.com"; classtype:web-application-activity; sid:300000588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpntool.me"; classtype:web-application-activity; sid:300000589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnupdatesnow.com"; classtype:web-application-activity; sid:300000590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"website4all.info"; classtype:web-application-activity; sid:300000592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websiteforall.work"; classtype:web-application-activity; sid:300000593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websitetoget.work"; classtype:web-application-activity; sid:300000594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtip.co"; classtype:web-application-activity; sid:300000595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessgram.info"; classtype:web-application-activity; sid:300000596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessplum.info"; classtype:web-application-activity; sid:300000597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wherentlybrane.site"; classtype:web-application-activity; sid:300000598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialrewardssuper.cyou"; classtype:web-application-activity; sid:300000599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wowlifestyle.info"; classtype:web-application-activity; sid:300000600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"youngleaf.biz"; classtype:web-application-activity; sid:300000601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrade.info"; classtype:web-application-activity; sid:300000602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrades.info"; classtype:web-application-activity; sid:300000603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrading.info"; classtype:web-application-activity; sid:300000604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnection.info"; classtype:web-application-activity; sid:300000605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnections.info"; classtype:web-application-activity; sid:300000606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayer.info"; classtype:web-application-activity; sid:300000607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayers.info"; classtype:web-application-activity; sid:300000608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrade.info"; classtype:web-application-activity; sid:300000609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrades.info"; classtype:web-application-activity; sid:300000610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrading.work"; classtype:web-application-activity; sid:300000611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdate.work"; classtype:web-application-activity; sid:300000612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdating.work"; classtype:web-application-activity; sid:300000613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrades.info"; classtype:web-application-activity; sid:300000614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrading.info"; classtype:web-application-activity; sid:300000615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestplayerlink.best"; classtype:web-application-activity; sid:300000617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestreliablelink.work"; classtype:web-application-activity; sid:300000618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelink.info"; classtype:web-application-activity; sid:300000619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelinks.info"; classtype:web-application-activity; sid:300000620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafesystemsupdating.work"; classtype:web-application-activity; sid:300000621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourstablegreatupdate.work"; classtype:web-application-activity; sid:300000622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourstablegreatupdates.work"; classtype:web-application-activity; sid:300000623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourtechplaceforupgrades.info"; classtype:web-application-activity; sid:300000624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourultimateperfectupgrades.work"; classtype:web-application-activity; sid:300000625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ysfetinora.tk"; classtype:web-application-activity; sid:300000626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seasoned.co"; classtype:web-application-activity; sid:300000450; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000451; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alerts.xyz"; classtype:web-application-activity; sid:300000452; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-monitoring.xyz"; classtype:web-application-activity; sid:300000453; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"second-handjam.xyz"; classtype:web-application-activity; sid:300000454; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-made-easy.xyz"; classtype:web-application-activity; sid:300000455; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-pro.xyz"; classtype:web-application-activity; sid:300000456; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-protection.xyz"; classtype:web-application-activity; sid:300000457; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000458; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selfradiance.info"; classtype:web-application-activity; sid:300000459; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-care.space"; classtype:web-application-activity; sid:300000460; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shkshk.site"; classtype:web-application-activity; sid:300000461; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000462; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shoppingexp.xyz"; classtype:web-application-activity; sid:300000463; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000464; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetd.xyz"; classtype:web-application-activity; sid:300000465; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotspinb.xyz"; classtype:web-application-activity; sid:300000466; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotspotf.xyz"; classtype:web-application-activity; sid:300000467; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetb.xyz"; classtype:web-application-activity; sid:300000468; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000469; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springsitea.xyz"; classtype:web-application-activity; sid:300000470; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springsitef.xyz"; classtype:web-application-activity; sid:300000471; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stay-notified.cc"; classtype:web-application-activity; sid:300000472; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stingyscent.xyz"; classtype:web-application-activity; sid:300000473; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thefreefile.best"; classtype:web-application-activity; sid:300000474; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thequickfile.best"; classtype:web-application-activity; sid:300000475; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thespeedyfile.best"; classtype:web-application-activity; sid:300000476; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thestrongfile.best"; classtype:web-application-activity; sid:300000477; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storelatest-theoverlyfile.best"; classtype:web-application-activity; sid:300000478; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storenewest-theoverlyfile.best"; classtype:web-application-activity; sid:300000479; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-theadvancedfile.best"; classtype:web-application-activity; sid:300000480; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thecurrentfile.best"; classtype:web-application-activity; sid:300000481; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thelatestfile.best"; classtype:web-application-activity; sid:300000482; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thenewestfile.best"; classtype:web-application-activity; sid:300000483; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storerecent-theoverlyfile.best"; classtype:web-application-activity; sid:300000484; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storespeedy-theheavilyfile.best"; classtype:web-application-activity; sid:300000485; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeswift-theheavilyfile.best"; classtype:web-application-activity; sid:300000486; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000487; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000488; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000489; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestnewestfile.best"; classtype:web-application-activity; sid:300000490; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamfree-bestmostfile.best"; classtype:web-application-activity; sid:300000491; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000492; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000493; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestlatestfile.best"; classtype:web-application-activity; sid:300000494; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestquickfile.best"; classtype:web-application-activity; sid:300000495; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000496; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestoverlyfile.best"; classtype:web-application-activity; sid:300000497; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamquick-bestmostfile.best"; classtype:web-application-activity; sid:300000498; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestintenselyfile.best"; classtype:web-application-activity; sid:300000499; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"styleandhealth.info"; classtype:web-application-activity; sid:300000500; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000501; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sugar-legal-about13.fun"; classtype:web-application-activity; sid:300000502; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superiorcare.info"; classtype:web-application-activity; sid:300000503; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superplace4upgrade.work"; classtype:web-application-activity; sid:300000504; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superplace4upgrading.work"; classtype:web-application-activity; sid:300000505; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superplaceforupgrade.info"; classtype:web-application-activity; sid:300000506; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey-club.club"; classtype:web-application-activity; sid:300000507; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey-review.club"; classtype:web-application-activity; sid:300000508; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncadvanced-bestuberfile.best"; classtype:web-application-activity; sid:300000509; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccompletely-bestoriginalfile.best"; classtype:web-application-activity; sid:300000510; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccompletely-bestprogressivefile.best"; classtype:web-application-activity; sid:300000511; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccompletely-bestrecentfile.best"; classtype:web-application-activity; sid:300000512; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncgreatly-bestrenewedfile.best"; classtype:web-application-activity; sid:300000513; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncheavily-bestlatestfile.best"; classtype:web-application-activity; sid:300000514; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestfreefile.best"; classtype:web-application-activity; sid:300000515; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestoriginalfile.best"; classtype:web-application-activity; sid:300000516; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestprogressivefile.best"; classtype:web-application-activity; sid:300000517; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestrecentfile.best"; classtype:web-application-activity; sid:300000518; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000519; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestspeedyfile.best"; classtype:web-application-activity; sid:300000520; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncintensely-bestprogressivefile.best"; classtype:web-application-activity; sid:300000521; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatest-bestuberfile.best"; classtype:web-application-activity; sid:300000522; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncoriginal-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000523; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncprogressive-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000524; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncprogressive-besthighlyfile.best"; classtype:web-application-activity; sid:300000525; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrenewed-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000526; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncstrong-bestextremelyfile.best"; classtype:web-application-activity; sid:300000527; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestlatestfile.best"; classtype:web-application-activity; sid:300000528; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestoriginalfile.best"; classtype:web-application-activity; sid:300000529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestprecisefile.best"; classtype:web-application-activity; sid:300000530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestprogressivefile.best"; classtype:web-application-activity; sid:300000531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestrefinedfile.best"; classtype:web-application-activity; sid:300000532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"talskingest.top"; classtype:web-application-activity; sid:300000534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tastefulwood.xyz"; classtype:web-application-activity; sid:300000535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tdstraffic.xyz"; classtype:web-application-activity; sid:300000536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theable.me"; classtype:web-application-activity; sid:300000537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thebettercleanplayer.info"; classtype:web-application-activity; sid:300000538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thebettercleanplayers.info"; classtype:web-application-activity; sid:300000539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theconnectvpn.com"; classtype:web-application-activity; sid:300000540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thecryptomoney.info"; classtype:web-application-activity; sid:300000541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thefatburner.info"; classtype:web-application-activity; sid:300000542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thefitproject.club"; classtype:web-application-activity; sid:300000543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthcurve.info"; classtype:web-application-activity; sid:300000544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthcycle.club"; classtype:web-application-activity; sid:300000545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthgo.info"; classtype:web-application-activity; sid:300000546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthpedia.info"; classtype:web-application-activity; sid:300000547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthystyle.info"; classtype:web-application-activity; sid:300000548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthyvibe.info"; classtype:web-application-activity; sid:300000549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehotshot.info"; classtype:web-application-activity; sid:300000550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thenewjourney.info"; classtype:web-application-activity; sid:300000552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thepackage.club"; classtype:web-application-activity; sid:300000553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thesafestplayerlinks.work"; classtype:web-application-activity; sid:300000554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thesafestreliablelink.work"; classtype:web-application-activity; sid:300000555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theslotomania.info"; classtype:web-application-activity; sid:300000556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thestablealwayssafeupdates.work"; classtype:web-application-activity; sid:300000557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thestablegreatupdates.work"; classtype:web-application-activity; sid:300000558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thestablegreatupgrades.best"; classtype:web-application-activity; sid:300000559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thrillqueen.xyz"; classtype:web-application-activity; sid:300000560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toovolution.club"; classtype:web-application-activity; sid:300000561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topnotchsports.tips"; classtype:web-application-activity; sid:300000562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficbounce.net"; classtype:web-application-activity; sid:300000563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficgate.cc"; classtype:web-application-activity; sid:300000564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trane.fun"; classtype:web-application-activity; sid:300000565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trktraf.club"; classtype:web-application-activity; sid:300000566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trkvpn.xyz"; classtype:web-application-activity; sid:300000567; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tryoneshot-keto.net"; classtype:web-application-activity; sid:300000568; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uclaimrewards.net"; classtype:web-application-activity; sid:300000569; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unequalfaucet.xyz"; classtype:web-application-activity; sid:300000570; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniremedy.info"; classtype:web-application-activity; sid:300000571; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitehealth.club"; classtype:web-application-activity; sid:300000572; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatcboulevard.xyz"; classtype:web-application-activity; sid:300000573; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatmstreet.xyz"; classtype:web-application-activity; sid:300000574; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatmway.xyz"; classtype:web-application-activity; sid:300000575; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatecurrent-thegreatlyfile.best"; classtype:web-application-activity; sid:300000576; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-thecurrentfile.best"; classtype:web-application-activity; sid:300000577; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-thenewestfile.best"; classtype:web-application-activity; sid:300000578; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-therecentfile.best"; classtype:web-application-activity; sid:300000579; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatelatest-thegreatlyfile.best"; classtype:web-application-activity; sid:300000580; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updaterecent-thegreatlyfile.best"; classtype:web-application-activity; sid:300000581; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upmakesite.xyz"; classtype:web-application-activity; sid:300000582; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplayglobal.xyz"; classtype:web-application-activity; sid:300000583; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vexearth.xyz"; classtype:web-application-activity; sid:300000584; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viral-surveys.win"; classtype:web-application-activity; sid:300000585; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viralarticles.net"; classtype:web-application-activity; sid:300000586; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vital-health.club"; classtype:web-application-activity; sid:300000587; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vitalrole.info"; classtype:web-application-activity; sid:300000588; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn-pro.info"; classtype:web-application-activity; sid:300000589; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn1aprotectplus.com"; classtype:web-application-activity; sid:300000590; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnadefenceplus.com"; classtype:web-application-activity; sid:300000591; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpntool.me"; classtype:web-application-activity; sid:300000592; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnupdatesnow.com"; classtype:web-application-activity; sid:300000593; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000594; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"website4all.info"; classtype:web-application-activity; sid:300000595; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websiteforall.work"; classtype:web-application-activity; sid:300000596; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websitetoget.work"; classtype:web-application-activity; sid:300000597; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtip.co"; classtype:web-application-activity; sid:300000598; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessgram.info"; classtype:web-application-activity; sid:300000599; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessplum.info"; classtype:web-application-activity; sid:300000600; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wherentlybrane.site"; classtype:web-application-activity; sid:300000601; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialrewardssuper.cyou"; classtype:web-application-activity; sid:300000602; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"youngleaf.biz"; classtype:web-application-activity; sid:300000603; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrade.info"; classtype:web-application-activity; sid:300000604; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrades.info"; classtype:web-application-activity; sid:300000605; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrading.info"; classtype:web-application-activity; sid:300000606; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnection.info"; classtype:web-application-activity; sid:300000607; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnections.info"; classtype:web-application-activity; sid:300000608; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayer.info"; classtype:web-application-activity; sid:300000609; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayers.info"; classtype:web-application-activity; sid:300000610; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrade.info"; classtype:web-application-activity; sid:300000611; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrades.info"; classtype:web-application-activity; sid:300000612; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrading.work"; classtype:web-application-activity; sid:300000613; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdate.work"; classtype:web-application-activity; sid:300000614; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdating.work"; classtype:web-application-activity; sid:300000615; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000616; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrades.info"; classtype:web-application-activity; sid:300000617; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrading.info"; classtype:web-application-activity; sid:300000618; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000619; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestplayerlink.best"; classtype:web-application-activity; sid:300000620; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestreliablelink.work"; classtype:web-application-activity; sid:300000621; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelink.info"; classtype:web-application-activity; sid:300000622; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelinks.info"; classtype:web-application-activity; sid:300000623; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafesystemsupdating.work"; classtype:web-application-activity; sid:300000624; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourstablegreatupdate.work"; classtype:web-application-activity; sid:300000625; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourstablegreatupdates.work"; classtype:web-application-activity; sid:300000626; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourtechplaceforupgrades.info"; classtype:web-application-activity; sid:300000627; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourultimateperfectupgrades.work"; classtype:web-application-activity; sid:300000628; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ysfetinora.tk"; classtype:web-application-activity; sid:300000629; rev:1;)

13
dist/pup-filter-unbound.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Unbound Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@ local-zone: "congrats-lucky-giveaway-smart.cyou" always_nxdomain
local-zone: "congratsluckygiveawaysmart.cyou" always_nxdomain
local-zone: "connectionapplication.com" always_nxdomain
local-zone: "contentgate.cam" always_nxdomain
local-zone: "contentgate.club" always_nxdomain
local-zone: "contentgate.fun" always_nxdomain
local-zone: "contentgate.uno" always_nxdomain
local-zone: "cooing.top" always_nxdomain
@ -98,7 +99,6 @@ local-zone: "dailymedia.work" always_nxdomain
local-zone: "dailyrep.net" always_nxdomain
local-zone: "degreenm.top" always_nxdomain
local-zone: "delightcmain.xyz" always_nxdomain
local-zone: "desixxx.cloud" always_nxdomain
local-zone: "digitalinvest.news" always_nxdomain
local-zone: "displayfriend.xyz" always_nxdomain
local-zone: "ditvl.com" always_nxdomain
@ -263,10 +263,9 @@ local-zone: "loadgreatly-bestadvancedfile.best" always_nxdomain
local-zone: "loadgreatly-bestquickfile.best" always_nxdomain
local-zone: "loadgreatly-bestrenewedfile.best" always_nxdomain
local-zone: "loadheavily-bestfreefile.best" always_nxdomain
local-zone: "loadrecentoverlyfile.digital" always_nxdomain
local-zone: "loadpreciseuberfile.digital" always_nxdomain
local-zone: "loadrefineduberfile.digital" always_nxdomain
local-zone: "loadsophisticateduberfile.digital" always_nxdomain
local-zone: "loaduberprecisefile.digital" always_nxdomain
local-zone: "loaduberspeedyfile.digital" always_nxdomain
local-zone: "locationtracker.services" always_nxdomain
local-zone: "loosefit.info" always_nxdomain
@ -321,6 +320,7 @@ local-zone: "official-prize-national-random.cyou" always_nxdomain
local-zone: "officialprizenationalrandom.cyou" always_nxdomain
local-zone: "onegowc.pw" always_nxdomain
local-zone: "online-survey.org" always_nxdomain
local-zone: "onlinecinema.eu" always_nxdomain
local-zone: "onlineprizesuperpromotion.cyou" always_nxdomain
local-zone: "operatecompletely-theprecisefile.best" always_nxdomain
local-zone: "operatecompletely-thespeedyfile.best" always_nxdomain
@ -454,6 +454,7 @@ local-zone: "score-monitoring.xyz" always_nxdomain
local-zone: "search-tool.net" always_nxdomain
local-zone: "search-trends.co" always_nxdomain
local-zone: "searchfeed.co" always_nxdomain
local-zone: "seasoned.co" always_nxdomain
local-zone: "sec-alert.xyz" always_nxdomain
local-zone: "sec-alerts.xyz" always_nxdomain
local-zone: "sec-monitoring.xyz" always_nxdomain
@ -465,6 +466,7 @@ local-zone: "seemlast.monster" always_nxdomain
local-zone: "selfradiance.info" always_nxdomain
local-zone: "service-care.space" always_nxdomain
local-zone: "shkshk.site" always_nxdomain
local-zone: "shopnsave.world" always_nxdomain
local-zone: "shoppingexp.xyz" always_nxdomain
local-zone: "spotplanetc.xyz" always_nxdomain
local-zone: "spotplanetd.xyz" always_nxdomain
@ -553,6 +555,7 @@ local-zone: "thehealthpedia.info" always_nxdomain
local-zone: "thehealthystyle.info" always_nxdomain
local-zone: "thehealthyvibe.info" always_nxdomain
local-zone: "thehotshot.info" always_nxdomain
local-zone: "thelastpicture.show" always_nxdomain
local-zone: "thenewjourney.info" always_nxdomain
local-zone: "thepackage.club" always_nxdomain
local-zone: "thesafestplayerlinks.work" always_nxdomain
@ -604,7 +607,6 @@ local-zone: "wellnessgram.info" always_nxdomain
local-zone: "wellnessplum.info" always_nxdomain
local-zone: "wherentlybrane.site" always_nxdomain
local-zone: "worldwideofficialrewardssuper.cyou" always_nxdomain
local-zone: "wowlifestyle.info" always_nxdomain
local-zone: "youngleaf.biz" always_nxdomain
local-zone: "yourbestlinkupgrade.info" always_nxdomain
local-zone: "yourbestlinkupgrades.info" always_nxdomain
@ -618,6 +620,7 @@ local-zone: "yourlegendaryplaceupgrades.info" always_nxdomain
local-zone: "yourlegendaryplaceupgrading.work" always_nxdomain
local-zone: "yourlegendaryplayerupdate.work" always_nxdomain
local-zone: "yourlegendaryplayerupdating.work" always_nxdomain
local-zone: "yourlegendarysystemsupgrade.work" always_nxdomain
local-zone: "yourlegendaryvideoupgrades.info" always_nxdomain
local-zone: "yourlegendaryvideoupgrading.info" always_nxdomain
local-zone: "yourlinkplaceupdatingfree.work" always_nxdomain

13
dist/pup-filter-vivaldi.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (Vivaldi)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 20 May 2021 12:07:10 UTC
! Updated: Fri, 21 May 2021 00:06:55 UTC
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@
||congratsluckygiveawaysmart.cyou$document
||connectionapplication.com$document
||contentgate.cam$document
||contentgate.club$document
||contentgate.fun$document
||contentgate.uno$document
||cooing.top$document
@ -98,7 +99,6 @@
||dailyrep.net$document
||degreenm.top$document
||delightcmain.xyz$document
||desixxx.cloud$document
||digitalinvest.news$document
||displayfriend.xyz$document
||ditvl.com$document
@ -263,10 +263,9 @@
||loadgreatly-bestquickfile.best$document
||loadgreatly-bestrenewedfile.best$document
||loadheavily-bestfreefile.best$document
||loadrecentoverlyfile.digital$document
||loadpreciseuberfile.digital$document
||loadrefineduberfile.digital$document
||loadsophisticateduberfile.digital$document
||loaduberprecisefile.digital$document
||loaduberspeedyfile.digital$document
||locationtracker.services$document
||loosefit.info$document
@ -321,6 +320,7 @@
||officialprizenationalrandom.cyou$document
||onegowc.pw$document
||online-survey.org$document
||onlinecinema.eu$document
||onlineprizesuperpromotion.cyou$document
||operatecompletely-theprecisefile.best$document
||operatecompletely-thespeedyfile.best$document
@ -454,6 +454,7 @@
||search-tool.net$document
||search-trends.co$document
||searchfeed.co$document
||seasoned.co$document
||sec-alert.xyz$document
||sec-alerts.xyz$document
||sec-monitoring.xyz$document
@ -465,6 +466,7 @@
||selfradiance.info$document
||service-care.space$document
||shkshk.site$document
||shopnsave.world$document
||shoppingexp.xyz$document
||spotplanetc.xyz$document
||spotplanetd.xyz$document
@ -553,6 +555,7 @@
||thehealthystyle.info$document
||thehealthyvibe.info$document
||thehotshot.info$document
||thelastpicture.show$document
||thenewjourney.info$document
||thepackage.club$document
||thesafestplayerlinks.work$document
@ -604,7 +607,6 @@
||wellnessplum.info$document
||wherentlybrane.site$document
||worldwideofficialrewardssuper.cyou$document
||wowlifestyle.info$document
||youngleaf.biz$document
||yourbestlinkupgrade.info$document
||yourbestlinkupgrades.info$document
@ -618,6 +620,7 @@
||yourlegendaryplaceupgrading.work$document
||yourlegendaryplayerupdate.work$document
||yourlegendaryplayerupdating.work$document
||yourlegendarysystemsupgrade.work$document
||yourlegendaryvideoupgrades.info$document
||yourlegendaryvideoupgrading.info$document
||yourlinkplaceupdatingfree.work$document

13
dist/pup-filter.tpl vendored
View File

@ -1,7 +1,7 @@
msFilterList
# Title: PUP Hosts Blocklist (IE)
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 20 May 2021 12:07:10 UTC
# Updated: Fri, 21 May 2021 00:06:55 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -80,6 +80,7 @@ msFilterList
-d congratsluckygiveawaysmart.cyou
-d connectionapplication.com
-d contentgate.cam
-d contentgate.club
-d contentgate.fun
-d contentgate.uno
-d cooing.top
@ -101,7 +102,6 @@ msFilterList
-d dailyrep.net
-d degreenm.top
-d delightcmain.xyz
-d desixxx.cloud
-d digitalinvest.news
-d displayfriend.xyz
-d ditvl.com
@ -266,10 +266,9 @@ msFilterList
-d loadgreatly-bestquickfile.best
-d loadgreatly-bestrenewedfile.best
-d loadheavily-bestfreefile.best
-d loadrecentoverlyfile.digital
-d loadpreciseuberfile.digital
-d loadrefineduberfile.digital
-d loadsophisticateduberfile.digital
-d loaduberprecisefile.digital
-d loaduberspeedyfile.digital
-d locationtracker.services
-d loosefit.info
@ -324,6 +323,7 @@ msFilterList
-d officialprizenationalrandom.cyou
-d onegowc.pw
-d online-survey.org
-d onlinecinema.eu
-d onlineprizesuperpromotion.cyou
-d operatecompletely-theprecisefile.best
-d operatecompletely-thespeedyfile.best
@ -457,6 +457,7 @@ msFilterList
-d search-tool.net
-d search-trends.co
-d searchfeed.co
-d seasoned.co
-d sec-alert.xyz
-d sec-alerts.xyz
-d sec-monitoring.xyz
@ -468,6 +469,7 @@ msFilterList
-d selfradiance.info
-d service-care.space
-d shkshk.site
-d shopnsave.world
-d shoppingexp.xyz
-d spotplanetc.xyz
-d spotplanetd.xyz
@ -556,6 +558,7 @@ msFilterList
-d thehealthystyle.info
-d thehealthyvibe.info
-d thehotshot.info
-d thelastpicture.show
-d thenewjourney.info
-d thepackage.club
-d thesafestplayerlinks.work
@ -607,7 +610,6 @@ msFilterList
-d wellnessplum.info
-d wherentlybrane.site
-d worldwideofficialrewardssuper.cyou
-d wowlifestyle.info
-d youngleaf.biz
-d yourbestlinkupgrade.info
-d yourbestlinkupgrades.info
@ -621,6 +623,7 @@ msFilterList
-d yourlegendaryplaceupgrading.work
-d yourlegendaryplayerupdate.work
-d yourlegendaryplayerupdating.work
-d yourlegendarysystemsupgrade.work
-d yourlegendaryvideoupgrades.info
-d yourlegendaryvideoupgrading.info
-d yourlinkplaceupdatingfree.work

13
dist/pup-filter.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 20 May 2021 12:07:10 UTC
! Updated: Fri, 21 May 2021 00:06:55 UTC
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -77,6 +77,7 @@ congrats-lucky-giveaway-smart.cyou
congratsluckygiveawaysmart.cyou
connectionapplication.com
contentgate.cam
contentgate.club
contentgate.fun
contentgate.uno
cooing.top
@ -98,7 +99,6 @@ dailymedia.work
dailyrep.net
degreenm.top
delightcmain.xyz
desixxx.cloud
digitalinvest.news
displayfriend.xyz
ditvl.com
@ -263,10 +263,9 @@ loadgreatly-bestadvancedfile.best
loadgreatly-bestquickfile.best
loadgreatly-bestrenewedfile.best
loadheavily-bestfreefile.best
loadrecentoverlyfile.digital
loadpreciseuberfile.digital
loadrefineduberfile.digital
loadsophisticateduberfile.digital
loaduberprecisefile.digital
loaduberspeedyfile.digital
locationtracker.services
loosefit.info
@ -321,6 +320,7 @@ official-prize-national-random.cyou
officialprizenationalrandom.cyou
onegowc.pw
online-survey.org
onlinecinema.eu
onlineprizesuperpromotion.cyou
operatecompletely-theprecisefile.best
operatecompletely-thespeedyfile.best
@ -454,6 +454,7 @@ score-monitoring.xyz
search-tool.net
search-trends.co
searchfeed.co
seasoned.co
sec-alert.xyz
sec-alerts.xyz
sec-monitoring.xyz
@ -465,6 +466,7 @@ seemlast.monster
selfradiance.info
service-care.space
shkshk.site
shopnsave.world
shoppingexp.xyz
spotplanetc.xyz
spotplanetd.xyz
@ -553,6 +555,7 @@ thehealthpedia.info
thehealthystyle.info
thehealthyvibe.info
thehotshot.info
thelastpicture.show
thenewjourney.info
thepackage.club
thesafestplayerlinks.work
@ -604,7 +607,6 @@ wellnessgram.info
wellnessplum.info
wherentlybrane.site
worldwideofficialrewardssuper.cyou
wowlifestyle.info
youngleaf.biz
yourbestlinkupgrade.info
yourbestlinkupgrades.info
@ -618,6 +620,7 @@ yourlegendaryplaceupgrades.info
yourlegendaryplaceupgrading.work
yourlegendaryplayerupdate.work
yourlegendaryplayerupdating.work
yourlegendarysystemsupgrade.work
yourlegendaryvideoupgrades.info
yourlegendaryvideoupgrading.info
yourlinkplaceupdatingfree.work