Filter updated: Sun, 24 Oct 2021 00:02:57 +0000

dist/pup-filter-ag.txt

@@ -1,6 +1,6 @@
 ! Title: PUP Domains Blocklist (AdGuard)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 23 Oct 2021 12:02:25 +0000
+! Updated: Sun, 24 Oct 2021 00:02:57 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@
 ||amobil.online$all
 ||appsto.cloud$all
 ||appzfirer.biz$all
-||armorprovpn.me$all
 ||atprofessor.fun$all
 ||atwater.org$all
 ||auto-car-search.site$all
@@ -59,17 +58,18 @@
 ||curfiositystream.com$all
 ||curiositydstream.com$all
 ||curuiositystream.com$all
+||dailyrep.net$all
 ||darkview.org$all
 ||dayinlife.net$all
 ||dealmedia.club$all
 ||dealmedia.website$all
 ||dealmedia.xyz$all
 ||dealsify.net$all
-||defensepro.me$all
 ||discoveryfeed.org$all
 ||earlyprogress.info$all
 ||efladn.club$all
 ||elpelades.club$all
+||enjoy-asteroid.xyz$all
 ||enjoy-star.xyz$all
 ||enjoy1mountain.xyz$all
 ||enjoy1ocean.xyz$all
@@ -94,7 +94,6 @@
 ||flash-rewards.info$all
 ||freewareappsstreamfast-best.digital$all
 ||freewareappsstreamfastall.digital$all
-||funanime.me$all
 ||funny-media.ru$all
 ||funspine.xyz$all
 ||genertellife.it$all
@@ -130,6 +129,7 @@
 ||installprogressiveintenselythefile.vip$all
 ||intelectaction.ru$all
 ||investinfo.net$all
+||ipaint.us$all
 ||ironprovpn.me$all
 ||isystemupdate.cloud$all
 ||jetsummer.xyz$all
@@ -250,6 +250,7 @@
 ||pandawinterc.xyz$all
 ||pandawinterd.xyz$all
 ||pandawintere.xyz$all
+||pandawinterf.xyz$all
 ||pcsecurity-live.xyz$all
 ||peterhahn.be$all
 ||photo-explorer.org$all
@@ -282,7 +283,6 @@
 ||playwinterf.xyz$all
 ||ppploanchoices.site$all
 ||prize-messsages.casa$all
-||producthunter.club$all
 ||profitsurvey365.online$all
 ||proprotect.me$all
 ||prosecurityvpn.me$all
@@ -298,7 +298,6 @@
 ||rewardgivingrealspecialoffer.cyou$all
 ||rewards-promotion-winner-super.cyou$all
 ||rewardspromotionwinnersuper.cyou$all
-||robogarden.io$all
 ||runadvanced-bestgreatlyfile.best$all
 ||rungreatly-bestadvancedfile.best$all
 ||safeguide.net$all
@@ -307,7 +306,6 @@
 ||search4theupgradeset.info$all
 ||search4upgradingset.info$all
 ||searchmgr.online$all
-||securitevpn.me$all
 ||securityvpnpro.me$all
 ||sergey-tracks.xyz$all
 ||settothereliableupgradingnew.work$all
@@ -348,9 +346,11 @@
 ||systemupdateme.solutions$all
 ||systemupdatit.club$all
 ||technoblogs.net$all
+||technologypartners.net$all
 ||thanksyoursupport.club$all
 ||the-star.xyz$all
 ||the1star.xyz$all
+||the1volcano.xyz$all
 ||the7plains.xyz$all
 ||the7volcano.xyz$all
 ||theaasteroid.xyz$all
@@ -390,10 +390,12 @@
 ||webtactics.ca$all
 ||west1asteroid.xyz$all
 ||west1ocean.xyz$all
+||west1plains.xyz$all
 ||west1sky.xyz$all
 ||west1star.xyz$all
 ||westaasteroid.xyz$all
 ||westaocean.xyz$all
+||westaplanet.xyz$all
 ||westasea.xyz$all
 ||westastar.xyz$all
 ||winnerbigwingiveawaysuper.cyou$all

dist/pup-filter-agh.txt

@@ -1,6 +1,6 @@
 ! Title: PUP Domains Blocklist (AdGuard Home)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 23 Oct 2021 12:02:25 +0000
+! Updated: Sun, 24 Oct 2021 00:02:57 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@
 ||amobil.online^
 ||appsto.cloud^
 ||appzfirer.biz^
-||armorprovpn.me^
 ||atprofessor.fun^
 ||atwater.org^
 ||auto-car-search.site^
@@ -59,17 +58,18 @@
 ||curfiositystream.com^
 ||curiositydstream.com^
 ||curuiositystream.com^
+||dailyrep.net^
 ||darkview.org^
 ||dayinlife.net^
 ||dealmedia.club^
 ||dealmedia.website^
 ||dealmedia.xyz^
 ||dealsify.net^
-||defensepro.me^
 ||discoveryfeed.org^
 ||earlyprogress.info^
 ||efladn.club^
 ||elpelades.club^
+||enjoy-asteroid.xyz^
 ||enjoy-star.xyz^
 ||enjoy1mountain.xyz^
 ||enjoy1ocean.xyz^
@@ -94,7 +94,6 @@
 ||flash-rewards.info^
 ||freewareappsstreamfast-best.digital^
 ||freewareappsstreamfastall.digital^
-||funanime.me^
 ||funny-media.ru^
 ||funspine.xyz^
 ||genertellife.it^
@@ -130,6 +129,7 @@
 ||installprogressiveintenselythefile.vip^
 ||intelectaction.ru^
 ||investinfo.net^
+||ipaint.us^
 ||ironprovpn.me^
 ||isystemupdate.cloud^
 ||jetsummer.xyz^
@@ -250,6 +250,7 @@
 ||pandawinterc.xyz^
 ||pandawinterd.xyz^
 ||pandawintere.xyz^
+||pandawinterf.xyz^
 ||pcsecurity-live.xyz^
 ||peterhahn.be^
 ||photo-explorer.org^
@@ -282,7 +283,6 @@
 ||playwinterf.xyz^
 ||ppploanchoices.site^
 ||prize-messsages.casa^
-||producthunter.club^
 ||profitsurvey365.online^
 ||proprotect.me^
 ||prosecurityvpn.me^
@@ -298,7 +298,6 @@
 ||rewardgivingrealspecialoffer.cyou^
 ||rewards-promotion-winner-super.cyou^
 ||rewardspromotionwinnersuper.cyou^
-||robogarden.io^
 ||runadvanced-bestgreatlyfile.best^
 ||rungreatly-bestadvancedfile.best^
 ||safeguide.net^
@@ -307,7 +306,6 @@
 ||search4theupgradeset.info^
 ||search4upgradingset.info^
 ||searchmgr.online^
-||securitevpn.me^
 ||securityvpnpro.me^
 ||sergey-tracks.xyz^
 ||settothereliableupgradingnew.work^
@@ -348,9 +346,11 @@
 ||systemupdateme.solutions^
 ||systemupdatit.club^
 ||technoblogs.net^
+||technologypartners.net^
 ||thanksyoursupport.club^
 ||the-star.xyz^
 ||the1star.xyz^
+||the1volcano.xyz^
 ||the7plains.xyz^
 ||the7volcano.xyz^
 ||theaasteroid.xyz^
@@ -390,10 +390,12 @@
 ||webtactics.ca^
 ||west1asteroid.xyz^
 ||west1ocean.xyz^
+||west1plains.xyz^
 ||west1sky.xyz^
 ||west1star.xyz^
 ||westaasteroid.xyz^
 ||westaocean.xyz^
+||westaplanet.xyz^
 ||westasea.xyz^
 ||westastar.xyz^
 ||winnerbigwingiveawaysuper.cyou^

dist/pup-filter-bind.conf

@@ -1,6 +1,6 @@
 # Title: PUP Domains BIND Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@ zone "aikoo.club" { type master; notify no; file "null.zone.file"; };
 zone "amobil.online" { type master; notify no; file "null.zone.file"; };
 zone "appsto.cloud" { type master; notify no; file "null.zone.file"; };
 zone "appzfirer.biz" { type master; notify no; file "null.zone.file"; };
-zone "armorprovpn.me" { type master; notify no; file "null.zone.file"; };
 zone "atprofessor.fun" { type master; notify no; file "null.zone.file"; };
 zone "atwater.org" { type master; notify no; file "null.zone.file"; };
 zone "auto-car-search.site" { type master; notify no; file "null.zone.file"; };
@@ -59,17 +58,18 @@ zone "credit-monitoring-360.xyz" { type master; notify no; file "null.zone.file"
 zone "curfiositystream.com" { type master; notify no; file "null.zone.file"; };
 zone "curiositydstream.com" { type master; notify no; file "null.zone.file"; };
 zone "curuiositystream.com" { type master; notify no; file "null.zone.file"; };
+zone "dailyrep.net" { type master; notify no; file "null.zone.file"; };
 zone "darkview.org" { type master; notify no; file "null.zone.file"; };
 zone "dayinlife.net" { type master; notify no; file "null.zone.file"; };
 zone "dealmedia.club" { type master; notify no; file "null.zone.file"; };
 zone "dealmedia.website" { type master; notify no; file "null.zone.file"; };
 zone "dealmedia.xyz" { type master; notify no; file "null.zone.file"; };
 zone "dealsify.net" { type master; notify no; file "null.zone.file"; };
-zone "defensepro.me" { type master; notify no; file "null.zone.file"; };
 zone "discoveryfeed.org" { type master; notify no; file "null.zone.file"; };
 zone "earlyprogress.info" { type master; notify no; file "null.zone.file"; };
 zone "efladn.club" { type master; notify no; file "null.zone.file"; };
 zone "elpelades.club" { type master; notify no; file "null.zone.file"; };
+zone "enjoy-asteroid.xyz" { type master; notify no; file "null.zone.file"; };
 zone "enjoy-star.xyz" { type master; notify no; file "null.zone.file"; };
 zone "enjoy1mountain.xyz" { type master; notify no; file "null.zone.file"; };
 zone "enjoy1ocean.xyz" { type master; notify no; file "null.zone.file"; };
@@ -94,7 +94,6 @@ zone "fisudauh.top" { type master; notify no; file "null.zone.file"; };
 zone "flash-rewards.info" { type master; notify no; file "null.zone.file"; };
 zone "freewareappsstreamfast-best.digital" { type master; notify no; file "null.zone.file"; };
 zone "freewareappsstreamfastall.digital" { type master; notify no; file "null.zone.file"; };
-zone "funanime.me" { type master; notify no; file "null.zone.file"; };
 zone "funny-media.ru" { type master; notify no; file "null.zone.file"; };
 zone "funspine.xyz" { type master; notify no; file "null.zone.file"; };
 zone "genertellife.it" { type master; notify no; file "null.zone.file"; };
@@ -130,6 +129,7 @@ zone "installprecisehighlythefile.vip" { type master; notify no; file "null.zone
 zone "installprogressiveintenselythefile.vip" { type master; notify no; file "null.zone.file"; };
 zone "intelectaction.ru" { type master; notify no; file "null.zone.file"; };
 zone "investinfo.net" { type master; notify no; file "null.zone.file"; };
+zone "ipaint.us" { type master; notify no; file "null.zone.file"; };
 zone "ironprovpn.me" { type master; notify no; file "null.zone.file"; };
 zone "isystemupdate.cloud" { type master; notify no; file "null.zone.file"; };
 zone "jetsummer.xyz" { type master; notify no; file "null.zone.file"; };
@@ -250,6 +250,7 @@ zone "pandawinterb.xyz" { type master; notify no; file "null.zone.file"; };
 zone "pandawinterc.xyz" { type master; notify no; file "null.zone.file"; };
 zone "pandawinterd.xyz" { type master; notify no; file "null.zone.file"; };
 zone "pandawintere.xyz" { type master; notify no; file "null.zone.file"; };
+zone "pandawinterf.xyz" { type master; notify no; file "null.zone.file"; };
 zone "pcsecurity-live.xyz" { type master; notify no; file "null.zone.file"; };
 zone "peterhahn.be" { type master; notify no; file "null.zone.file"; };
 zone "photo-explorer.org" { type master; notify no; file "null.zone.file"; };
@@ -282,7 +283,6 @@ zone "playwintere.xyz" { type master; notify no; file "null.zone.file"; };
 zone "playwinterf.xyz" { type master; notify no; file "null.zone.file"; };
 zone "ppploanchoices.site" { type master; notify no; file "null.zone.file"; };
 zone "prize-messsages.casa" { type master; notify no; file "null.zone.file"; };
-zone "producthunter.club" { type master; notify no; file "null.zone.file"; };
 zone "profitsurvey365.online" { type master; notify no; file "null.zone.file"; };
 zone "proprotect.me" { type master; notify no; file "null.zone.file"; };
 zone "prosecurityvpn.me" { type master; notify no; file "null.zone.file"; };
@@ -298,7 +298,6 @@ zone "real-buy.net" { type master; notify no; file "null.zone.file"; };
 zone "rewardgivingrealspecialoffer.cyou" { type master; notify no; file "null.zone.file"; };
 zone "rewards-promotion-winner-super.cyou" { type master; notify no; file "null.zone.file"; };
 zone "rewardspromotionwinnersuper.cyou" { type master; notify no; file "null.zone.file"; };
-zone "robogarden.io" { type master; notify no; file "null.zone.file"; };
 zone "runadvanced-bestgreatlyfile.best" { type master; notify no; file "null.zone.file"; };
 zone "rungreatly-bestadvancedfile.best" { type master; notify no; file "null.zone.file"; };
 zone "safeguide.net" { type master; notify no; file "null.zone.file"; };
@@ -307,7 +306,6 @@ zone "search4theupdatefree.work" { type master; notify no; file "null.zone.file"
 zone "search4theupgradeset.info" { type master; notify no; file "null.zone.file"; };
 zone "search4upgradingset.info" { type master; notify no; file "null.zone.file"; };
 zone "searchmgr.online" { type master; notify no; file "null.zone.file"; };
-zone "securitevpn.me" { type master; notify no; file "null.zone.file"; };
 zone "securityvpnpro.me" { type master; notify no; file "null.zone.file"; };
 zone "sergey-tracks.xyz" { type master; notify no; file "null.zone.file"; };
 zone "settothereliableupgradingnew.work" { type master; notify no; file "null.zone.file"; };
@@ -348,9 +346,11 @@ zone "syncubercurrentfiles.best" { type master; notify no; file "null.zone.file"
 zone "systemupdateme.solutions" { type master; notify no; file "null.zone.file"; };
 zone "systemupdatit.club" { type master; notify no; file "null.zone.file"; };
 zone "technoblogs.net" { type master; notify no; file "null.zone.file"; };
+zone "technologypartners.net" { type master; notify no; file "null.zone.file"; };
 zone "thanksyoursupport.club" { type master; notify no; file "null.zone.file"; };
 zone "the-star.xyz" { type master; notify no; file "null.zone.file"; };
 zone "the1star.xyz" { type master; notify no; file "null.zone.file"; };
+zone "the1volcano.xyz" { type master; notify no; file "null.zone.file"; };
 zone "the7plains.xyz" { type master; notify no; file "null.zone.file"; };
 zone "the7volcano.xyz" { type master; notify no; file "null.zone.file"; };
 zone "theaasteroid.xyz" { type master; notify no; file "null.zone.file"; };
@@ -390,10 +390,12 @@ zone "web-security.ml" { type master; notify no; file "null.zone.file"; };
 zone "webtactics.ca" { type master; notify no; file "null.zone.file"; };
 zone "west1asteroid.xyz" { type master; notify no; file "null.zone.file"; };
 zone "west1ocean.xyz" { type master; notify no; file "null.zone.file"; };
+zone "west1plains.xyz" { type master; notify no; file "null.zone.file"; };
 zone "west1sky.xyz" { type master; notify no; file "null.zone.file"; };
 zone "west1star.xyz" { type master; notify no; file "null.zone.file"; };
 zone "westaasteroid.xyz" { type master; notify no; file "null.zone.file"; };
 zone "westaocean.xyz" { type master; notify no; file "null.zone.file"; };
+zone "westaplanet.xyz" { type master; notify no; file "null.zone.file"; };
 zone "westasea.xyz" { type master; notify no; file "null.zone.file"; };
 zone "westastar.xyz" { type master; notify no; file "null.zone.file"; };
 zone "winnerbigwingiveawaysuper.cyou" { type master; notify no; file "null.zone.file"; };

dist/pup-filter-dnscrypt-blocked-names.txt

@@ -1,6 +1,6 @@
 # Title: PUP Names Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@ aikoo.club
 amobil.online
 appsto.cloud
 appzfirer.biz
-armorprovpn.me
 atprofessor.fun
 atwater.org
 auto-car-search.site
@@ -59,17 +58,18 @@ credit-monitoring-360.xyz
 curfiositystream.com
 curiositydstream.com
 curuiositystream.com
+dailyrep.net
 darkview.org
 dayinlife.net
 dealmedia.club
 dealmedia.website
 dealmedia.xyz
 dealsify.net
-defensepro.me
 discoveryfeed.org
 earlyprogress.info
 efladn.club
 elpelades.club
+enjoy-asteroid.xyz
 enjoy-star.xyz
 enjoy1mountain.xyz
 enjoy1ocean.xyz
@@ -94,7 +94,6 @@ fisudauh.top
 flash-rewards.info
 freewareappsstreamfast-best.digital
 freewareappsstreamfastall.digital
-funanime.me
 funny-media.ru
 funspine.xyz
 genertellife.it
@@ -130,6 +129,7 @@ installprecisehighlythefile.vip
 installprogressiveintenselythefile.vip
 intelectaction.ru
 investinfo.net
+ipaint.us
 ironprovpn.me
 isystemupdate.cloud
 jetsummer.xyz
@@ -250,6 +250,7 @@ pandawinterb.xyz
 pandawinterc.xyz
 pandawinterd.xyz
 pandawintere.xyz
+pandawinterf.xyz
 pcsecurity-live.xyz
 peterhahn.be
 photo-explorer.org
@@ -282,7 +283,6 @@ playwintere.xyz
 playwinterf.xyz
 ppploanchoices.site
 prize-messsages.casa
-producthunter.club
 profitsurvey365.online
 proprotect.me
 prosecurityvpn.me
@@ -298,7 +298,6 @@ real-buy.net
 rewardgivingrealspecialoffer.cyou
 rewards-promotion-winner-super.cyou
 rewardspromotionwinnersuper.cyou
-robogarden.io
 runadvanced-bestgreatlyfile.best
 rungreatly-bestadvancedfile.best
 safeguide.net
@@ -307,7 +306,6 @@ search4theupdatefree.work
 search4theupgradeset.info
 search4upgradingset.info
 searchmgr.online
-securitevpn.me
 securityvpnpro.me
 sergey-tracks.xyz
 settothereliableupgradingnew.work
@@ -348,9 +346,11 @@ syncubercurrentfiles.best
 systemupdateme.solutions
 systemupdatit.club
 technoblogs.net
+technologypartners.net
 thanksyoursupport.club
 the-star.xyz
 the1star.xyz
+the1volcano.xyz
 the7plains.xyz
 the7volcano.xyz
 theaasteroid.xyz
@@ -390,10 +390,12 @@ web-security.ml
 webtactics.ca
 west1asteroid.xyz
 west1ocean.xyz
+west1plains.xyz
 west1sky.xyz
 west1star.xyz
 westaasteroid.xyz
 westaocean.xyz
+westaplanet.xyz
 westasea.xyz
 westastar.xyz
 winnerbigwingiveawaysuper.cyou

dist/pup-filter-dnsmasq.conf

@@ -1,6 +1,6 @@
 # Title: PUP Domains dnsmasq Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@ address=/aikoo.club/0.0.0.0
 address=/amobil.online/0.0.0.0
 address=/appsto.cloud/0.0.0.0
 address=/appzfirer.biz/0.0.0.0
-address=/armorprovpn.me/0.0.0.0
 address=/atprofessor.fun/0.0.0.0
 address=/atwater.org/0.0.0.0
 address=/auto-car-search.site/0.0.0.0
@@ -59,17 +58,18 @@ address=/credit-monitoring-360.xyz/0.0.0.0
 address=/curfiositystream.com/0.0.0.0
 address=/curiositydstream.com/0.0.0.0
 address=/curuiositystream.com/0.0.0.0
+address=/dailyrep.net/0.0.0.0
 address=/darkview.org/0.0.0.0
 address=/dayinlife.net/0.0.0.0
 address=/dealmedia.club/0.0.0.0
 address=/dealmedia.website/0.0.0.0
 address=/dealmedia.xyz/0.0.0.0
 address=/dealsify.net/0.0.0.0
-address=/defensepro.me/0.0.0.0
 address=/discoveryfeed.org/0.0.0.0
 address=/earlyprogress.info/0.0.0.0
 address=/efladn.club/0.0.0.0
 address=/elpelades.club/0.0.0.0
+address=/enjoy-asteroid.xyz/0.0.0.0
 address=/enjoy-star.xyz/0.0.0.0
 address=/enjoy1mountain.xyz/0.0.0.0
 address=/enjoy1ocean.xyz/0.0.0.0
@@ -94,7 +94,6 @@ address=/fisudauh.top/0.0.0.0
 address=/flash-rewards.info/0.0.0.0
 address=/freewareappsstreamfast-best.digital/0.0.0.0
 address=/freewareappsstreamfastall.digital/0.0.0.0
-address=/funanime.me/0.0.0.0
 address=/funny-media.ru/0.0.0.0
 address=/funspine.xyz/0.0.0.0
 address=/genertellife.it/0.0.0.0
@@ -130,6 +129,7 @@ address=/installprecisehighlythefile.vip/0.0.0.0
 address=/installprogressiveintenselythefile.vip/0.0.0.0
 address=/intelectaction.ru/0.0.0.0
 address=/investinfo.net/0.0.0.0
+address=/ipaint.us/0.0.0.0
 address=/ironprovpn.me/0.0.0.0
 address=/isystemupdate.cloud/0.0.0.0
 address=/jetsummer.xyz/0.0.0.0
@@ -250,6 +250,7 @@ address=/pandawinterb.xyz/0.0.0.0
 address=/pandawinterc.xyz/0.0.0.0
 address=/pandawinterd.xyz/0.0.0.0
 address=/pandawintere.xyz/0.0.0.0
+address=/pandawinterf.xyz/0.0.0.0
 address=/pcsecurity-live.xyz/0.0.0.0
 address=/peterhahn.be/0.0.0.0
 address=/photo-explorer.org/0.0.0.0
@@ -282,7 +283,6 @@ address=/playwintere.xyz/0.0.0.0
 address=/playwinterf.xyz/0.0.0.0
 address=/ppploanchoices.site/0.0.0.0
 address=/prize-messsages.casa/0.0.0.0
-address=/producthunter.club/0.0.0.0
 address=/profitsurvey365.online/0.0.0.0
 address=/proprotect.me/0.0.0.0
 address=/prosecurityvpn.me/0.0.0.0
@@ -298,7 +298,6 @@ address=/real-buy.net/0.0.0.0
 address=/rewardgivingrealspecialoffer.cyou/0.0.0.0
 address=/rewards-promotion-winner-super.cyou/0.0.0.0
 address=/rewardspromotionwinnersuper.cyou/0.0.0.0
-address=/robogarden.io/0.0.0.0
 address=/runadvanced-bestgreatlyfile.best/0.0.0.0
 address=/rungreatly-bestadvancedfile.best/0.0.0.0
 address=/safeguide.net/0.0.0.0
@@ -307,7 +306,6 @@ address=/search4theupdatefree.work/0.0.0.0
 address=/search4theupgradeset.info/0.0.0.0
 address=/search4upgradingset.info/0.0.0.0
 address=/searchmgr.online/0.0.0.0
-address=/securitevpn.me/0.0.0.0
 address=/securityvpnpro.me/0.0.0.0
 address=/sergey-tracks.xyz/0.0.0.0
 address=/settothereliableupgradingnew.work/0.0.0.0
@@ -348,9 +346,11 @@ address=/syncubercurrentfiles.best/0.0.0.0
 address=/systemupdateme.solutions/0.0.0.0
 address=/systemupdatit.club/0.0.0.0
 address=/technoblogs.net/0.0.0.0
+address=/technologypartners.net/0.0.0.0
 address=/thanksyoursupport.club/0.0.0.0
 address=/the-star.xyz/0.0.0.0
 address=/the1star.xyz/0.0.0.0
+address=/the1volcano.xyz/0.0.0.0
 address=/the7plains.xyz/0.0.0.0
 address=/the7volcano.xyz/0.0.0.0
 address=/theaasteroid.xyz/0.0.0.0
@@ -390,10 +390,12 @@ address=/web-security.ml/0.0.0.0
 address=/webtactics.ca/0.0.0.0
 address=/west1asteroid.xyz/0.0.0.0
 address=/west1ocean.xyz/0.0.0.0
+address=/west1plains.xyz/0.0.0.0
 address=/west1sky.xyz/0.0.0.0
 address=/west1star.xyz/0.0.0.0
 address=/westaasteroid.xyz/0.0.0.0
 address=/westaocean.xyz/0.0.0.0
+address=/westaplanet.xyz/0.0.0.0
 address=/westasea.xyz/0.0.0.0
 address=/westastar.xyz/0.0.0.0
 address=/winnerbigwingiveawaysuper.cyou/0.0.0.0

dist/pup-filter-domains.txt

@@ -1,6 +1,6 @@
 # Title: PUP Domains Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@ aikoo.club
 amobil.online
 appsto.cloud
 appzfirer.biz
-armorprovpn.me
 atprofessor.fun
 atwater.org
 auto-car-search.site
@@ -59,17 +58,18 @@ credit-monitoring-360.xyz
 curfiositystream.com
 curiositydstream.com
 curuiositystream.com
+dailyrep.net
 darkview.org
 dayinlife.net
 dealmedia.club
 dealmedia.website
 dealmedia.xyz
 dealsify.net
-defensepro.me
 discoveryfeed.org
 earlyprogress.info
 efladn.club
 elpelades.club
+enjoy-asteroid.xyz
 enjoy-star.xyz
 enjoy1mountain.xyz
 enjoy1ocean.xyz
@@ -94,7 +94,6 @@ fisudauh.top
 flash-rewards.info
 freewareappsstreamfast-best.digital
 freewareappsstreamfastall.digital
-funanime.me
 funny-media.ru
 funspine.xyz
 genertellife.it
@@ -130,6 +129,7 @@ installprecisehighlythefile.vip
 installprogressiveintenselythefile.vip
 intelectaction.ru
 investinfo.net
+ipaint.us
 ironprovpn.me
 isystemupdate.cloud
 jetsummer.xyz
@@ -250,6 +250,7 @@ pandawinterb.xyz
 pandawinterc.xyz
 pandawinterd.xyz
 pandawintere.xyz
+pandawinterf.xyz
 pcsecurity-live.xyz
 peterhahn.be
 photo-explorer.org
@@ -282,7 +283,6 @@ playwintere.xyz
 playwinterf.xyz
 ppploanchoices.site
 prize-messsages.casa
-producthunter.club
 profitsurvey365.online
 proprotect.me
 prosecurityvpn.me
@@ -298,7 +298,6 @@ real-buy.net
 rewardgivingrealspecialoffer.cyou
 rewards-promotion-winner-super.cyou
 rewardspromotionwinnersuper.cyou
-robogarden.io
 runadvanced-bestgreatlyfile.best
 rungreatly-bestadvancedfile.best
 safeguide.net
@@ -307,7 +306,6 @@ search4theupdatefree.work
 search4theupgradeset.info
 search4upgradingset.info
 searchmgr.online
-securitevpn.me
 securityvpnpro.me
 sergey-tracks.xyz
 settothereliableupgradingnew.work
@@ -348,9 +346,11 @@ syncubercurrentfiles.best
 systemupdateme.solutions
 systemupdatit.club
 technoblogs.net
+technologypartners.net
 thanksyoursupport.club
 the-star.xyz
 the1star.xyz
+the1volcano.xyz
 the7plains.xyz
 the7volcano.xyz
 theaasteroid.xyz
@@ -390,10 +390,12 @@ web-security.ml
 webtactics.ca
 west1asteroid.xyz
 west1ocean.xyz
+west1plains.xyz
 west1sky.xyz
 west1star.xyz
 westaasteroid.xyz
 westaocean.xyz
+westaplanet.xyz
 westasea.xyz
 westastar.xyz
 winnerbigwingiveawaysuper.cyou

dist/pup-filter-hosts.txt

@@ -1,6 +1,6 @@
 # Title: PUP Hosts Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@
 0.0.0.0 amobil.online
 0.0.0.0 appsto.cloud
 0.0.0.0 appzfirer.biz
-0.0.0.0 armorprovpn.me
 0.0.0.0 atprofessor.fun
 0.0.0.0 atwater.org
 0.0.0.0 auto-car-search.site
@@ -59,17 +58,18 @@
 0.0.0.0 curfiositystream.com
 0.0.0.0 curiositydstream.com
 0.0.0.0 curuiositystream.com
+0.0.0.0 dailyrep.net
 0.0.0.0 darkview.org
 0.0.0.0 dayinlife.net
 0.0.0.0 dealmedia.club
 0.0.0.0 dealmedia.website
 0.0.0.0 dealmedia.xyz
 0.0.0.0 dealsify.net
-0.0.0.0 defensepro.me
 0.0.0.0 discoveryfeed.org
 0.0.0.0 earlyprogress.info
 0.0.0.0 efladn.club
 0.0.0.0 elpelades.club
+0.0.0.0 enjoy-asteroid.xyz
 0.0.0.0 enjoy-star.xyz
 0.0.0.0 enjoy1mountain.xyz
 0.0.0.0 enjoy1ocean.xyz
@@ -94,7 +94,6 @@
 0.0.0.0 flash-rewards.info
 0.0.0.0 freewareappsstreamfast-best.digital
 0.0.0.0 freewareappsstreamfastall.digital
-0.0.0.0 funanime.me
 0.0.0.0 funny-media.ru
 0.0.0.0 funspine.xyz
 0.0.0.0 genertellife.it
@@ -130,6 +129,7 @@
 0.0.0.0 installprogressiveintenselythefile.vip
 0.0.0.0 intelectaction.ru
 0.0.0.0 investinfo.net
+0.0.0.0 ipaint.us
 0.0.0.0 ironprovpn.me
 0.0.0.0 isystemupdate.cloud
 0.0.0.0 jetsummer.xyz
@@ -250,6 +250,7 @@
 0.0.0.0 pandawinterc.xyz
 0.0.0.0 pandawinterd.xyz
 0.0.0.0 pandawintere.xyz
+0.0.0.0 pandawinterf.xyz
 0.0.0.0 pcsecurity-live.xyz
 0.0.0.0 peterhahn.be
 0.0.0.0 photo-explorer.org
@@ -282,7 +283,6 @@
 0.0.0.0 playwinterf.xyz
 0.0.0.0 ppploanchoices.site
 0.0.0.0 prize-messsages.casa
-0.0.0.0 producthunter.club
 0.0.0.0 profitsurvey365.online
 0.0.0.0 proprotect.me
 0.0.0.0 prosecurityvpn.me
@@ -298,7 +298,6 @@
 0.0.0.0 rewardgivingrealspecialoffer.cyou
 0.0.0.0 rewards-promotion-winner-super.cyou
 0.0.0.0 rewardspromotionwinnersuper.cyou
-0.0.0.0 robogarden.io
 0.0.0.0 runadvanced-bestgreatlyfile.best
 0.0.0.0 rungreatly-bestadvancedfile.best
 0.0.0.0 safeguide.net
@@ -307,7 +306,6 @@
 0.0.0.0 search4theupgradeset.info
 0.0.0.0 search4upgradingset.info
 0.0.0.0 searchmgr.online
-0.0.0.0 securitevpn.me
 0.0.0.0 securityvpnpro.me
 0.0.0.0 sergey-tracks.xyz
 0.0.0.0 settothereliableupgradingnew.work
@@ -348,9 +346,11 @@
 0.0.0.0 systemupdateme.solutions
 0.0.0.0 systemupdatit.club
 0.0.0.0 technoblogs.net
+0.0.0.0 technologypartners.net
 0.0.0.0 thanksyoursupport.club
 0.0.0.0 the-star.xyz
 0.0.0.0 the1star.xyz
+0.0.0.0 the1volcano.xyz
 0.0.0.0 the7plains.xyz
 0.0.0.0 the7volcano.xyz
 0.0.0.0 theaasteroid.xyz
@@ -390,10 +390,12 @@
 0.0.0.0 webtactics.ca
 0.0.0.0 west1asteroid.xyz
 0.0.0.0 west1ocean.xyz
+0.0.0.0 west1plains.xyz
 0.0.0.0 west1sky.xyz
 0.0.0.0 west1star.xyz
 0.0.0.0 westaasteroid.xyz
 0.0.0.0 westaocean.xyz
+0.0.0.0 westaplanet.xyz
 0.0.0.0 westasea.xyz
 0.0.0.0 westastar.xyz
 0.0.0.0 winnerbigwingiveawaysuper.cyou

dist/pup-filter-rpz.conf

@@ -1,13 +1,13 @@
 ; Title: PUP Domains RPZ Blocklist
 ; Description: Block domains that host potentially unwanted programs (PUP)
-; Updated: Sat, 23 Oct 2021 12:02:25 +0000
+; Updated: Sun, 24 Oct 2021 00:02:57 +0000
 ; Expires: 1 day (update frequency)
 ; Homepage: https://gitlab.com/curben/pup-filter
 ; License: https://gitlab.com/curben/pup-filter#license
 ; Source: https://github.com/zhouhanc/malware-discoverer
 
 $TTL 30
-@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1634990546 86400 3600 604800 30
+@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1635033777 86400 3600 604800 30
  NS localhost.
 
 2021travel.net CNAME .
@@ -18,7 +18,6 @@ aikoo.club CNAME .
 amobil.online CNAME .
 appsto.cloud CNAME .
 appzfirer.biz CNAME .
-armorprovpn.me CNAME .
 atprofessor.fun CNAME .
 atwater.org CNAME .
 auto-car-search.site CNAME .
@@ -64,17 +63,18 @@ credit-monitoring-360.xyz CNAME .
 curfiositystream.com CNAME .
 curiositydstream.com CNAME .
 curuiositystream.com CNAME .
+dailyrep.net CNAME .
 darkview.org CNAME .
 dayinlife.net CNAME .
 dealmedia.club CNAME .
 dealmedia.website CNAME .
 dealmedia.xyz CNAME .
 dealsify.net CNAME .
-defensepro.me CNAME .
 discoveryfeed.org CNAME .
 earlyprogress.info CNAME .
 efladn.club CNAME .
 elpelades.club CNAME .
+enjoy-asteroid.xyz CNAME .
 enjoy-star.xyz CNAME .
 enjoy1mountain.xyz CNAME .
 enjoy1ocean.xyz CNAME .
@@ -99,7 +99,6 @@ fisudauh.top CNAME .
 flash-rewards.info CNAME .
 freewareappsstreamfast-best.digital CNAME .
 freewareappsstreamfastall.digital CNAME .
-funanime.me CNAME .
 funny-media.ru CNAME .
 funspine.xyz CNAME .
 genertellife.it CNAME .
@@ -135,6 +134,7 @@ installprecisehighlythefile.vip CNAME .
 installprogressiveintenselythefile.vip CNAME .
 intelectaction.ru CNAME .
 investinfo.net CNAME .
+ipaint.us CNAME .
 ironprovpn.me CNAME .
 isystemupdate.cloud CNAME .
 jetsummer.xyz CNAME .
@@ -255,6 +255,7 @@ pandawinterb.xyz CNAME .
 pandawinterc.xyz CNAME .
 pandawinterd.xyz CNAME .
 pandawintere.xyz CNAME .
+pandawinterf.xyz CNAME .
 pcsecurity-live.xyz CNAME .
 peterhahn.be CNAME .
 photo-explorer.org CNAME .
@@ -287,7 +288,6 @@ playwintere.xyz CNAME .
 playwinterf.xyz CNAME .
 ppploanchoices.site CNAME .
 prize-messsages.casa CNAME .
-producthunter.club CNAME .
 profitsurvey365.online CNAME .
 proprotect.me CNAME .
 prosecurityvpn.me CNAME .
@@ -303,7 +303,6 @@ real-buy.net CNAME .
 rewardgivingrealspecialoffer.cyou CNAME .
 rewards-promotion-winner-super.cyou CNAME .
 rewardspromotionwinnersuper.cyou CNAME .
-robogarden.io CNAME .
 runadvanced-bestgreatlyfile.best CNAME .
 rungreatly-bestadvancedfile.best CNAME .
 safeguide.net CNAME .
@@ -312,7 +311,6 @@ search4theupdatefree.work CNAME .
 search4theupgradeset.info CNAME .
 search4upgradingset.info CNAME .
 searchmgr.online CNAME .
-securitevpn.me CNAME .
 securityvpnpro.me CNAME .
 sergey-tracks.xyz CNAME .
 settothereliableupgradingnew.work CNAME .
@@ -353,9 +351,11 @@ syncubercurrentfiles.best CNAME .
 systemupdateme.solutions CNAME .
 systemupdatit.club CNAME .
 technoblogs.net CNAME .
+technologypartners.net CNAME .
 thanksyoursupport.club CNAME .
 the-star.xyz CNAME .
 the1star.xyz CNAME .
+the1volcano.xyz CNAME .
 the7plains.xyz CNAME .
 the7volcano.xyz CNAME .
 theaasteroid.xyz CNAME .
@@ -395,10 +395,12 @@ web-security.ml CNAME .
 webtactics.ca CNAME .
 west1asteroid.xyz CNAME .
 west1ocean.xyz CNAME .
+west1plains.xyz CNAME .
 west1sky.xyz CNAME .
 west1star.xyz CNAME .
 westaasteroid.xyz CNAME .
 westaocean.xyz CNAME .
+westaplanet.xyz CNAME .
 westasea.xyz CNAME .
 westastar.xyz CNAME .
 winnerbigwingiveawaysuper.cyou CNAME .

dist/pup-filter-snort2.rules

@@ -1,6 +1,6 @@
 # Title: PUP Domains Snort2 Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,63 +13,63 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"amobil.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"armorprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atprofessor.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atwater.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upcompletely-bestprecisefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upcompletely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upfree-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upoverly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-uprenewed-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000029; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upuber-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000030; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"breaking-news.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000031; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"calledbellc.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000032; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000033; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000034; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000035; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000036; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000037; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000038; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeracoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centerastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeravolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chatverse.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkstableaupdatinglinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connecttheupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"craftstash.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curfiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curiositydstream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curuiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atprofessor.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atwater.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upcompletely-bestprecisefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upcompletely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upfree-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upoverly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-uprenewed-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upuber-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000029; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"breaking-news.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000030; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"calledbellc.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000031; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000032; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000033; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000034; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000035; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000036; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000037; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeracoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000038; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centerastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeravolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chatverse.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkstableaupdatinglinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connecttheupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"craftstash.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curfiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curiositydstream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curuiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyrep.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"darkview.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000055; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dayinlife.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000056; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000057; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000058; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000059; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealsify.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000060; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"defensepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000061; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"discoveryfeed.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000062; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"earlyprogress.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000063; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"efladn.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000064; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"elpelades.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000065; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"discoveryfeed.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000061; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"earlyprogress.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000062; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"efladn.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000063; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"elpelades.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000064; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000065; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000066; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000067; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000068; rev:1;)
@@ -94,42 +94,42 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flash-rewards.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"freewareappsstreamfast-best.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"freewareappsstreamfastall.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funanime.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funny-media.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"get-your-score.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladplacespin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpages.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"httqzq.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"huge2upgradescentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypezen.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ientsillness.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incing-marganic.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incrediblebuzz.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateprogressivecompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatesophisticatedcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateswiftcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installcurrentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installintenselyoriginalthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installprecisehighlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installprogressiveintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"intelectaction.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"investinfo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funny-media.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"get-your-score.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladplacespin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpages.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"httqzq.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"huge2upgradescentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypezen.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ientsillness.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incing-marganic.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incrediblebuzz.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateprogressivecompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatesophisticatedcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateswiftcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installcurrentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installintenselyoriginalthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installprecisehighlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installprogressiveintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"intelectaction.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"investinfo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ipaint.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000125; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000126; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"isystemupdate.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000127; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jetsummer.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000128; rev:1;)
@@ -250,39 +250,39 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pcsecurity-live.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"peterhahn.be"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placesiteb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspind.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppploanchoices.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"producthunter.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pcsecurity-live.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"peterhahn.be"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placesiteb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspind.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppploanchoices.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitsurvey365.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"proprotect.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prosecurityvpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
@@ -298,59 +298,59 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardgivingrealspecialoffer.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewards-promotion-winner-super.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardspromotionwinnersuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safeguide.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"software-dealz.de"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonicacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stogether.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselysophisticatedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streampreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamspeedyintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"summermedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweetalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweetgirls.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccurrentmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatestintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmostprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestuberthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrecentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncubercurrentfiles.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdatit.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technoblogs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thanksyoursupport.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safeguide.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"software-dealz.de"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonicacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stogether.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselysophisticatedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streampreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamspeedyintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"summermedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweetalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweetgirls.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccurrentmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatestintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmostprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestuberthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrecentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncubercurrentfiles.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdatit.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technoblogs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technologypartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thanksyoursupport.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
@@ -390,25 +390,27 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000383; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000384; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000385; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000386; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000387; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000388; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000389; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westasea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000390; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000391; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerbigwingiveawaysuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000392; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000393; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000394; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worivo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000395; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-national-claim-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000396; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-prize-giveaway-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000397; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideluckypromotionfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000398; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwidenationalclaimfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000399; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000400; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideprizegiveawayfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000401; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000402; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000403; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourluckytoday.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000404; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000405; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000406; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zalando-prive.es"; content:"Host"; http_header; classtype:web-application-activity; sid:300000407; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000386; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000387; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000388; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000389; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000390; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000391; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westasea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000392; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000393; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerbigwingiveawaysuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000394; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000395; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000396; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worivo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000397; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-national-claim-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000398; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-prize-giveaway-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000399; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideluckypromotionfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000400; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwidenationalclaimfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000401; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000402; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideprizegiveawayfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000403; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000404; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000405; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourluckytoday.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000406; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000407; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000408; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zalando-prive.es"; content:"Host"; http_header; classtype:web-application-activity; sid:300000409; rev:1;)

dist/pup-filter-snort3.rules

@@ -1,6 +1,6 @@
 # Title: PUP Domains Snort3 Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,63 +13,63 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"amobil.online",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"armorprovpn.me",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atprofessor.fun",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atwater.org",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upcompletely-bestprecisefile.best",nocase; classtype:web-application-activity; sid:300000022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upcompletely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upfree-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upoverly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-uprenewed-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upuber-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"breaking-news.digital",nocase; classtype:web-application-activity; sid:300000031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"calledbellc.fun",nocase; classtype:web-application-activity; sid:300000032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1plains.xyz",nocase; classtype:web-application-activity; sid:300000034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1sky.xyz",nocase; classtype:web-application-activity; sid:300000035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1star.xyz",nocase; classtype:web-application-activity; sid:300000036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7ocean.xyz",nocase; classtype:web-application-activity; sid:300000037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7planet.xyz",nocase; classtype:web-application-activity; sid:300000038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeracoast.xyz",nocase; classtype:web-application-activity; sid:300000039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centerastar.xyz",nocase; classtype:web-application-activity; sid:300000040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeravolcano.xyz",nocase; classtype:web-application-activity; sid:300000041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chatverse.net",nocase; classtype:web-application-activity; sid:300000042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"checkstableaupdatinglinks.work",nocase; classtype:web-application-activity; sid:300000043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connecttheupgradingurls.work",nocase; classtype:web-application-activity; sid:300000044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"craftstash.us",nocase; classtype:web-application-activity; sid:300000049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curfiositystream.com",nocase; classtype:web-application-activity; sid:300000052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curiositydstream.com",nocase; classtype:web-application-activity; sid:300000053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curuiositystream.com",nocase; classtype:web-application-activity; sid:300000054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atprofessor.fun",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atwater.org",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upcompletely-bestprecisefile.best",nocase; classtype:web-application-activity; sid:300000021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upcompletely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upfree-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upoverly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-uprenewed-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upuber-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"breaking-news.digital",nocase; classtype:web-application-activity; sid:300000030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"calledbellc.fun",nocase; classtype:web-application-activity; sid:300000031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1plains.xyz",nocase; classtype:web-application-activity; sid:300000033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1sky.xyz",nocase; classtype:web-application-activity; sid:300000034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1star.xyz",nocase; classtype:web-application-activity; sid:300000035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7ocean.xyz",nocase; classtype:web-application-activity; sid:300000036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7planet.xyz",nocase; classtype:web-application-activity; sid:300000037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeracoast.xyz",nocase; classtype:web-application-activity; sid:300000038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centerastar.xyz",nocase; classtype:web-application-activity; sid:300000039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeravolcano.xyz",nocase; classtype:web-application-activity; sid:300000040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chatverse.net",nocase; classtype:web-application-activity; sid:300000041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"checkstableaupdatinglinks.work",nocase; classtype:web-application-activity; sid:300000042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connecttheupgradingurls.work",nocase; classtype:web-application-activity; sid:300000043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"craftstash.us",nocase; classtype:web-application-activity; sid:300000048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curfiositystream.com",nocase; classtype:web-application-activity; sid:300000051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curiositydstream.com",nocase; classtype:web-application-activity; sid:300000052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curuiositystream.com",nocase; classtype:web-application-activity; sid:300000053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyrep.net",nocase; classtype:web-application-activity; sid:300000054; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"darkview.org",nocase; classtype:web-application-activity; sid:300000055; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dayinlife.net",nocase; classtype:web-application-activity; sid:300000056; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.club",nocase; classtype:web-application-activity; sid:300000057; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.website",nocase; classtype:web-application-activity; sid:300000058; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.xyz",nocase; classtype:web-application-activity; sid:300000059; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealsify.net",nocase; classtype:web-application-activity; sid:300000060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"defensepro.me",nocase; classtype:web-application-activity; sid:300000061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"discoveryfeed.org",nocase; classtype:web-application-activity; sid:300000062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"earlyprogress.info",nocase; classtype:web-application-activity; sid:300000063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"efladn.club",nocase; classtype:web-application-activity; sid:300000064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"elpelades.club",nocase; classtype:web-application-activity; sid:300000065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"discoveryfeed.org",nocase; classtype:web-application-activity; sid:300000061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"earlyprogress.info",nocase; classtype:web-application-activity; sid:300000062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"efladn.club",nocase; classtype:web-application-activity; sid:300000063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"elpelades.club",nocase; classtype:web-application-activity; sid:300000064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-asteroid.xyz",nocase; classtype:web-application-activity; sid:300000065; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-star.xyz",nocase; classtype:web-application-activity; sid:300000066; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1mountain.xyz",nocase; classtype:web-application-activity; sid:300000067; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1ocean.xyz",nocase; classtype:web-application-activity; sid:300000068; rev:1;)
@@ -94,42 +94,42 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flash-rewards.info",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"freewareappsstreamfast-best.digital",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"freewareappsstreamfastall.digital",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funanime.me",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funny-media.ru",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"get-your-score.club",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladplacespin.xyz",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hpages.net",nocase; classtype:web-application-activity; sid:300000105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"httqzq.vip",nocase; classtype:web-application-activity; sid:300000106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"huge2upgradescentral.work",nocase; classtype:web-application-activity; sid:300000107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hypezen.info",nocase; classtype:web-application-activity; sid:300000108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ientsillness.fun",nocase; classtype:web-application-activity; sid:300000109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incing-marganic.icu",nocase; classtype:web-application-activity; sid:300000111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incrediblebuzz.info",nocase; classtype:web-application-activity; sid:300000112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateprogressivecompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatesophisticatedcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateswiftcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installcurrentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installintenselyoriginalthefile.vip",nocase; classtype:web-application-activity; sid:300000120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installprecisehighlythefile.vip",nocase; classtype:web-application-activity; sid:300000122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installprogressiveintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"intelectaction.ru",nocase; classtype:web-application-activity; sid:300000124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"investinfo.net",nocase; classtype:web-application-activity; sid:300000125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funny-media.ru",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"get-your-score.club",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladplacespin.xyz",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hpages.net",nocase; classtype:web-application-activity; sid:300000104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"httqzq.vip",nocase; classtype:web-application-activity; sid:300000105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"huge2upgradescentral.work",nocase; classtype:web-application-activity; sid:300000106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hypezen.info",nocase; classtype:web-application-activity; sid:300000107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ientsillness.fun",nocase; classtype:web-application-activity; sid:300000108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incing-marganic.icu",nocase; classtype:web-application-activity; sid:300000110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incrediblebuzz.info",nocase; classtype:web-application-activity; sid:300000111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateprogressivecompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatesophisticatedcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateswiftcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installcurrentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installintenselyoriginalthefile.vip",nocase; classtype:web-application-activity; sid:300000119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installprecisehighlythefile.vip",nocase; classtype:web-application-activity; sid:300000121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installprogressiveintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"intelectaction.ru",nocase; classtype:web-application-activity; sid:300000123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"investinfo.net",nocase; classtype:web-application-activity; sid:300000124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ipaint.us",nocase; classtype:web-application-activity; sid:300000125; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ironprovpn.me",nocase; classtype:web-application-activity; sid:300000126; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"isystemupdate.cloud",nocase; classtype:web-application-activity; sid:300000127; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jetsummer.xyz",nocase; classtype:web-application-activity; sid:300000128; rev:1;)
@@ -250,39 +250,39 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pcsecurity-live.xyz",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"peterhahn.be",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placesiteb.xyz",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspind.xyz",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringb.xyz",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringc.xyz",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringd.xyz",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringe.xyz",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummera.xyz",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerb.xyz",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerc.xyz",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummere.xyz",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerf.xyz",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintera.xyz",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterb.xyz",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterc.xyz",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterd.xyz",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintere.xyz",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterf.xyz",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ppploanchoices.site",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"producthunter.club",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterf.xyz",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pcsecurity-live.xyz",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"peterhahn.be",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placesiteb.xyz",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspind.xyz",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringb.xyz",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringc.xyz",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringd.xyz",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringe.xyz",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummera.xyz",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerb.xyz",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerc.xyz",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummere.xyz",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerf.xyz",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintera.xyz",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterb.xyz",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterc.xyz",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterd.xyz",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintere.xyz",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterf.xyz",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ppploanchoices.site",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitsurvey365.online",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"proprotect.me",nocase; classtype:web-application-activity; sid:300000280; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prosecurityvpn.me",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
@@ -298,59 +298,59 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardgivingrealspecialoffer.cyou",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewards-promotion-winner-super.cyou",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardspromotionwinnersuper.cyou",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safeguide.net",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"software-dealz.de",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-ocean.xyz",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1coast.xyz",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1ocean.xyz",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonicacrater.xyz",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stogether.fun",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselysophisticatedthefile.vip",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streampreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamspeedyintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"summermedia.club",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sweetalt.ru",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sweetgirls.buzz",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccurrentmostthefile.vip",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatestintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncmostprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestmostthefile.vip",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestuberthefile.vip",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrecentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncubercurrentfiles.best",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdatit.club",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technoblogs.net",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thanksyoursupport.club",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-star.xyz",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1star.xyz",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safeguide.net",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"software-dealz.de",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-ocean.xyz",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1coast.xyz",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1ocean.xyz",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonicacrater.xyz",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stogether.fun",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselysophisticatedthefile.vip",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streampreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamspeedyintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"summermedia.club",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sweetalt.ru",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sweetgirls.buzz",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccurrentmostthefile.vip",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatestintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncmostprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestmostthefile.vip",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestuberthefile.vip",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrecentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncubercurrentfiles.best",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdatit.club",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technoblogs.net",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technologypartners.net",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thanksyoursupport.club",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-star.xyz",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1star.xyz",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1volcano.xyz",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7plains.xyz",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7volcano.xyz",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
@@ -390,25 +390,27 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000383; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000384; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1ocean.xyz",nocase; classtype:web-application-activity; sid:300000385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1sky.xyz",nocase; classtype:web-application-activity; sid:300000386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1star.xyz",nocase; classtype:web-application-activity; sid:300000387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaocean.xyz",nocase; classtype:web-application-activity; sid:300000389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westasea.xyz",nocase; classtype:web-application-activity; sid:300000390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westastar.xyz",nocase; classtype:web-application-activity; sid:300000391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerbigwingiveawaysuper.cyou",nocase; classtype:web-application-activity; sid:300000392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.icu",nocase; classtype:web-application-activity; sid:300000393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.site",nocase; classtype:web-application-activity; sid:300000394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worivo.info",nocase; classtype:web-application-activity; sid:300000395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-national-claim-free.cyou",nocase; classtype:web-application-activity; sid:300000396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-prize-giveaway-free.cyou",nocase; classtype:web-application-activity; sid:300000397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideluckypromotionfree.cyou",nocase; classtype:web-application-activity; sid:300000398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwidenationalclaimfree.cyou",nocase; classtype:web-application-activity; sid:300000399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideprizegiveawayfree.cyou",nocase; classtype:web-application-activity; sid:300000401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourluckytoday.club",nocase; classtype:web-application-activity; sid:300000404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zalando-prive.es",nocase; classtype:web-application-activity; sid:300000407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1plains.xyz",nocase; classtype:web-application-activity; sid:300000386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1sky.xyz",nocase; classtype:web-application-activity; sid:300000387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1star.xyz",nocase; classtype:web-application-activity; sid:300000388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaocean.xyz",nocase; classtype:web-application-activity; sid:300000390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaplanet.xyz",nocase; classtype:web-application-activity; sid:300000391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westasea.xyz",nocase; classtype:web-application-activity; sid:300000392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westastar.xyz",nocase; classtype:web-application-activity; sid:300000393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerbigwingiveawaysuper.cyou",nocase; classtype:web-application-activity; sid:300000394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.icu",nocase; classtype:web-application-activity; sid:300000395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.site",nocase; classtype:web-application-activity; sid:300000396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worivo.info",nocase; classtype:web-application-activity; sid:300000397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-national-claim-free.cyou",nocase; classtype:web-application-activity; sid:300000398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-prize-giveaway-free.cyou",nocase; classtype:web-application-activity; sid:300000399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideluckypromotionfree.cyou",nocase; classtype:web-application-activity; sid:300000400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwidenationalclaimfree.cyou",nocase; classtype:web-application-activity; sid:300000401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideprizegiveawayfree.cyou",nocase; classtype:web-application-activity; sid:300000403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourluckytoday.club",nocase; classtype:web-application-activity; sid:300000406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zalando-prive.es",nocase; classtype:web-application-activity; sid:300000409; rev:1;)

dist/pup-filter-suricata.rules

@@ -1,6 +1,6 @@
 # Title: PUP Domains Suricata Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,63 +13,63 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amobil.online"; classtype:web-application-activity; sid:300000006; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000007; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"armorprovpn.me"; classtype:web-application-activity; sid:300000009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atprofessor.fun"; classtype:web-application-activity; sid:300000010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atwater.org"; classtype:web-application-activity; sid:300000011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upcompletely-bestprecisefile.best"; classtype:web-application-activity; sid:300000022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upcompletely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upfree-bestuberfile.best"; classtype:web-application-activity; sid:300000024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000025; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000026; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upoverly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000027; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-uprenewed-bestuberfile.best"; classtype:web-application-activity; sid:300000028; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000029; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upuber-bestfreefile.best"; classtype:web-application-activity; sid:300000030; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"breaking-news.digital"; classtype:web-application-activity; sid:300000031; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"calledbellc.fun"; classtype:web-application-activity; sid:300000032; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000033; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1plains.xyz"; classtype:web-application-activity; sid:300000034; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1sky.xyz"; classtype:web-application-activity; sid:300000035; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1star.xyz"; classtype:web-application-activity; sid:300000036; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7ocean.xyz"; classtype:web-application-activity; sid:300000037; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7planet.xyz"; classtype:web-application-activity; sid:300000038; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeracoast.xyz"; classtype:web-application-activity; sid:300000039; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centerastar.xyz"; classtype:web-application-activity; sid:300000040; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeravolcano.xyz"; classtype:web-application-activity; sid:300000041; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chatverse.net"; classtype:web-application-activity; sid:300000042; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkstableaupdatinglinks.work"; classtype:web-application-activity; sid:300000043; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connecttheupgradingurls.work"; classtype:web-application-activity; sid:300000044; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000045; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000046; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000047; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000048; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"craftstash.us"; classtype:web-application-activity; sid:300000049; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000050; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000051; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curfiositystream.com"; classtype:web-application-activity; sid:300000052; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curiositydstream.com"; classtype:web-application-activity; sid:300000053; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curuiositystream.com"; classtype:web-application-activity; sid:300000054; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atprofessor.fun"; classtype:web-application-activity; sid:300000009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atwater.org"; classtype:web-application-activity; sid:300000010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upcompletely-bestprecisefile.best"; classtype:web-application-activity; sid:300000021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upcompletely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upfree-bestuberfile.best"; classtype:web-application-activity; sid:300000023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upoverly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000026; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-uprenewed-bestuberfile.best"; classtype:web-application-activity; sid:300000027; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000028; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upuber-bestfreefile.best"; classtype:web-application-activity; sid:300000029; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"breaking-news.digital"; classtype:web-application-activity; sid:300000030; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"calledbellc.fun"; classtype:web-application-activity; sid:300000031; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000032; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1plains.xyz"; classtype:web-application-activity; sid:300000033; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1sky.xyz"; classtype:web-application-activity; sid:300000034; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1star.xyz"; classtype:web-application-activity; sid:300000035; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7ocean.xyz"; classtype:web-application-activity; sid:300000036; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7planet.xyz"; classtype:web-application-activity; sid:300000037; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeracoast.xyz"; classtype:web-application-activity; sid:300000038; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centerastar.xyz"; classtype:web-application-activity; sid:300000039; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeravolcano.xyz"; classtype:web-application-activity; sid:300000040; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chatverse.net"; classtype:web-application-activity; sid:300000041; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkstableaupdatinglinks.work"; classtype:web-application-activity; sid:300000042; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connecttheupgradingurls.work"; classtype:web-application-activity; sid:300000043; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000044; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000045; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000046; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000047; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"craftstash.us"; classtype:web-application-activity; sid:300000048; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000049; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000050; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curfiositystream.com"; classtype:web-application-activity; sid:300000051; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curiositydstream.com"; classtype:web-application-activity; sid:300000052; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curuiositystream.com"; classtype:web-application-activity; sid:300000053; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyrep.net"; classtype:web-application-activity; sid:300000054; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"darkview.org"; classtype:web-application-activity; sid:300000055; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dayinlife.net"; classtype:web-application-activity; sid:300000056; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.club"; classtype:web-application-activity; sid:300000057; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.website"; classtype:web-application-activity; sid:300000058; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.xyz"; classtype:web-application-activity; sid:300000059; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealsify.net"; classtype:web-application-activity; sid:300000060; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"defensepro.me"; classtype:web-application-activity; sid:300000061; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discoveryfeed.org"; classtype:web-application-activity; sid:300000062; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"earlyprogress.info"; classtype:web-application-activity; sid:300000063; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efladn.club"; classtype:web-application-activity; sid:300000064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpelades.club"; classtype:web-application-activity; sid:300000065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discoveryfeed.org"; classtype:web-application-activity; sid:300000061; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"earlyprogress.info"; classtype:web-application-activity; sid:300000062; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efladn.club"; classtype:web-application-activity; sid:300000063; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpelades.club"; classtype:web-application-activity; sid:300000064; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-asteroid.xyz"; classtype:web-application-activity; sid:300000065; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-star.xyz"; classtype:web-application-activity; sid:300000066; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1mountain.xyz"; classtype:web-application-activity; sid:300000067; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1ocean.xyz"; classtype:web-application-activity; sid:300000068; rev:1;)
@@ -94,42 +94,42 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flash-rewards.info"; classtype:web-application-activity; sid:300000087; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freewareappsstreamfast-best.digital"; classtype:web-application-activity; sid:300000088; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freewareappsstreamfastall.digital"; classtype:web-application-activity; sid:300000089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funanime.me"; classtype:web-application-activity; sid:300000090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funny-media.ru"; classtype:web-application-activity; sid:300000091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"get-your-score.club"; classtype:web-application-activity; sid:300000094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladplacespin.xyz"; classtype:web-application-activity; sid:300000097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpages.net"; classtype:web-application-activity; sid:300000105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httqzq.vip"; classtype:web-application-activity; sid:300000106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huge2upgradescentral.work"; classtype:web-application-activity; sid:300000107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypezen.info"; classtype:web-application-activity; sid:300000108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ientsillness.fun"; classtype:web-application-activity; sid:300000109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incing-marganic.icu"; classtype:web-application-activity; sid:300000111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incrediblebuzz.info"; classtype:web-application-activity; sid:300000112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprecisethefile.vip"; classtype:web-application-activity; sid:300000113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprogressivethefile.vip"; classtype:web-application-activity; sid:300000114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyspeedythefile.vip"; classtype:web-application-activity; sid:300000115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateprogressivecompletelythefile.vip"; classtype:web-application-activity; sid:300000116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatesophisticatedcompletelythefile.vip"; classtype:web-application-activity; sid:300000117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateswiftcompletelythefile.vip"; classtype:web-application-activity; sid:300000118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installcurrentintenselythefile.vip"; classtype:web-application-activity; sid:300000119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installintenselyoriginalthefile.vip"; classtype:web-application-activity; sid:300000120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installprecisehighlythefile.vip"; classtype:web-application-activity; sid:300000122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installprogressiveintenselythefile.vip"; classtype:web-application-activity; sid:300000123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intelectaction.ru"; classtype:web-application-activity; sid:300000124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investinfo.net"; classtype:web-application-activity; sid:300000125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funny-media.ru"; classtype:web-application-activity; sid:300000090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"get-your-score.club"; classtype:web-application-activity; sid:300000093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladplacespin.xyz"; classtype:web-application-activity; sid:300000096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpages.net"; classtype:web-application-activity; sid:300000104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httqzq.vip"; classtype:web-application-activity; sid:300000105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huge2upgradescentral.work"; classtype:web-application-activity; sid:300000106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypezen.info"; classtype:web-application-activity; sid:300000107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ientsillness.fun"; classtype:web-application-activity; sid:300000108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incing-marganic.icu"; classtype:web-application-activity; sid:300000110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incrediblebuzz.info"; classtype:web-application-activity; sid:300000111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprecisethefile.vip"; classtype:web-application-activity; sid:300000112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprogressivethefile.vip"; classtype:web-application-activity; sid:300000113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyspeedythefile.vip"; classtype:web-application-activity; sid:300000114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateprogressivecompletelythefile.vip"; classtype:web-application-activity; sid:300000115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatesophisticatedcompletelythefile.vip"; classtype:web-application-activity; sid:300000116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateswiftcompletelythefile.vip"; classtype:web-application-activity; sid:300000117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installcurrentintenselythefile.vip"; classtype:web-application-activity; sid:300000118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installintenselyoriginalthefile.vip"; classtype:web-application-activity; sid:300000119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installprecisehighlythefile.vip"; classtype:web-application-activity; sid:300000121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installprogressiveintenselythefile.vip"; classtype:web-application-activity; sid:300000122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intelectaction.ru"; classtype:web-application-activity; sid:300000123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investinfo.net"; classtype:web-application-activity; sid:300000124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ipaint.us"; classtype:web-application-activity; sid:300000125; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironprovpn.me"; classtype:web-application-activity; sid:300000126; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isystemupdate.cloud"; classtype:web-application-activity; sid:300000127; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jetsummer.xyz"; classtype:web-application-activity; sid:300000128; rev:1;)
@@ -250,39 +250,39 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000243; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000244; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000245; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcsecurity-live.xyz"; classtype:web-application-activity; sid:300000246; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peterhahn.be"; classtype:web-application-activity; sid:300000247; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000248; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000249; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000250; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000251; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000252; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000253; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000254; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000255; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000256; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000257; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000258; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspind.xyz"; classtype:web-application-activity; sid:300000259; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000260; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringb.xyz"; classtype:web-application-activity; sid:300000261; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringc.xyz"; classtype:web-application-activity; sid:300000262; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringd.xyz"; classtype:web-application-activity; sid:300000263; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringe.xyz"; classtype:web-application-activity; sid:300000264; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummera.xyz"; classtype:web-application-activity; sid:300000265; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerb.xyz"; classtype:web-application-activity; sid:300000266; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerc.xyz"; classtype:web-application-activity; sid:300000267; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummere.xyz"; classtype:web-application-activity; sid:300000268; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerf.xyz"; classtype:web-application-activity; sid:300000269; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintera.xyz"; classtype:web-application-activity; sid:300000270; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterb.xyz"; classtype:web-application-activity; sid:300000271; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterc.xyz"; classtype:web-application-activity; sid:300000272; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterd.xyz"; classtype:web-application-activity; sid:300000273; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintere.xyz"; classtype:web-application-activity; sid:300000274; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterf.xyz"; classtype:web-application-activity; sid:300000275; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppploanchoices.site"; classtype:web-application-activity; sid:300000276; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000277; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"producthunter.club"; classtype:web-application-activity; sid:300000278; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterf.xyz"; classtype:web-application-activity; sid:300000246; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcsecurity-live.xyz"; classtype:web-application-activity; sid:300000247; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peterhahn.be"; classtype:web-application-activity; sid:300000248; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000249; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000250; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000251; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000252; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000253; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000254; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000255; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000256; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000257; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000258; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000259; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspind.xyz"; classtype:web-application-activity; sid:300000260; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000261; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringb.xyz"; classtype:web-application-activity; sid:300000262; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringc.xyz"; classtype:web-application-activity; sid:300000263; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringd.xyz"; classtype:web-application-activity; sid:300000264; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringe.xyz"; classtype:web-application-activity; sid:300000265; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummera.xyz"; classtype:web-application-activity; sid:300000266; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerb.xyz"; classtype:web-application-activity; sid:300000267; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerc.xyz"; classtype:web-application-activity; sid:300000268; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummere.xyz"; classtype:web-application-activity; sid:300000269; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerf.xyz"; classtype:web-application-activity; sid:300000270; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintera.xyz"; classtype:web-application-activity; sid:300000271; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterb.xyz"; classtype:web-application-activity; sid:300000272; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterc.xyz"; classtype:web-application-activity; sid:300000273; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterd.xyz"; classtype:web-application-activity; sid:300000274; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintere.xyz"; classtype:web-application-activity; sid:300000275; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterf.xyz"; classtype:web-application-activity; sid:300000276; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppploanchoices.site"; classtype:web-application-activity; sid:300000277; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000278; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitsurvey365.online"; classtype:web-application-activity; sid:300000279; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proprotect.me"; classtype:web-application-activity; sid:300000280; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prosecurityvpn.me"; classtype:web-application-activity; sid:300000281; rev:1;)
@@ -298,59 +298,59 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardgivingrealspecialoffer.cyou"; classtype:web-application-activity; sid:300000291; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewards-promotion-winner-super.cyou"; classtype:web-application-activity; sid:300000292; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardspromotionwinnersuper.cyou"; classtype:web-application-activity; sid:300000293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000296; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safeguide.net"; classtype:web-application-activity; sid:300000297; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000298; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000299; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000300; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000301; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000302; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000303; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000304; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000305; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000306; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000307; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000308; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000309; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000310; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"software-dealz.de"; classtype:web-application-activity; sid:300000311; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-ocean.xyz"; classtype:web-application-activity; sid:300000312; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1coast.xyz"; classtype:web-application-activity; sid:300000313; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1ocean.xyz"; classtype:web-application-activity; sid:300000314; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonicacrater.xyz"; classtype:web-application-activity; sid:300000315; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000316; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000317; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000318; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000319; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000320; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000321; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000322; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stogether.fun"; classtype:web-application-activity; sid:300000323; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000324; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000325; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselysophisticatedthefile.vip"; classtype:web-application-activity; sid:300000326; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streampreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000327; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestuberfile.best"; classtype:web-application-activity; sid:300000328; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamspeedyintenselythefile.vip"; classtype:web-application-activity; sid:300000329; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000330; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"summermedia.club"; classtype:web-application-activity; sid:300000331; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sweetalt.ru"; classtype:web-application-activity; sid:300000332; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sweetgirls.buzz"; classtype:web-application-activity; sid:300000333; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccurrentmostthefile.vip"; classtype:web-application-activity; sid:300000334; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatestintenselythefile.vip"; classtype:web-application-activity; sid:300000335; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmostprecisethefile.vip"; classtype:web-application-activity; sid:300000336; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestmostthefile.vip"; classtype:web-application-activity; sid:300000337; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestuberthefile.vip"; classtype:web-application-activity; sid:300000338; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrecentintenselythefile.vip"; classtype:web-application-activity; sid:300000339; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncubercurrentfiles.best"; classtype:web-application-activity; sid:300000340; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000341; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdatit.club"; classtype:web-application-activity; sid:300000342; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technoblogs.net"; classtype:web-application-activity; sid:300000343; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thanksyoursupport.club"; classtype:web-application-activity; sid:300000344; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-star.xyz"; classtype:web-application-activity; sid:300000345; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1star.xyz"; classtype:web-application-activity; sid:300000346; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safeguide.net"; classtype:web-application-activity; sid:300000296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000297; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000298; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000299; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000300; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000301; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000302; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000303; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000304; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000305; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000306; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000307; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000308; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"software-dealz.de"; classtype:web-application-activity; sid:300000309; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-ocean.xyz"; classtype:web-application-activity; sid:300000310; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1coast.xyz"; classtype:web-application-activity; sid:300000311; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1ocean.xyz"; classtype:web-application-activity; sid:300000312; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonicacrater.xyz"; classtype:web-application-activity; sid:300000313; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000314; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000315; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000316; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000317; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000318; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000319; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000320; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stogether.fun"; classtype:web-application-activity; sid:300000321; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000322; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000323; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselysophisticatedthefile.vip"; classtype:web-application-activity; sid:300000324; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streampreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000325; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestuberfile.best"; classtype:web-application-activity; sid:300000326; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamspeedyintenselythefile.vip"; classtype:web-application-activity; sid:300000327; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000328; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"summermedia.club"; classtype:web-application-activity; sid:300000329; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sweetalt.ru"; classtype:web-application-activity; sid:300000330; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sweetgirls.buzz"; classtype:web-application-activity; sid:300000331; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccurrentmostthefile.vip"; classtype:web-application-activity; sid:300000332; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatestintenselythefile.vip"; classtype:web-application-activity; sid:300000333; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmostprecisethefile.vip"; classtype:web-application-activity; sid:300000334; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestmostthefile.vip"; classtype:web-application-activity; sid:300000335; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestuberthefile.vip"; classtype:web-application-activity; sid:300000336; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrecentintenselythefile.vip"; classtype:web-application-activity; sid:300000337; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncubercurrentfiles.best"; classtype:web-application-activity; sid:300000338; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000339; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdatit.club"; classtype:web-application-activity; sid:300000340; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technoblogs.net"; classtype:web-application-activity; sid:300000341; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technologypartners.net"; classtype:web-application-activity; sid:300000342; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thanksyoursupport.club"; classtype:web-application-activity; sid:300000343; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-star.xyz"; classtype:web-application-activity; sid:300000344; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1star.xyz"; classtype:web-application-activity; sid:300000345; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1volcano.xyz"; classtype:web-application-activity; sid:300000346; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7plains.xyz"; classtype:web-application-activity; sid:300000347; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7volcano.xyz"; classtype:web-application-activity; sid:300000348; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaasteroid.xyz"; classtype:web-application-activity; sid:300000349; rev:1;)
@@ -390,25 +390,27 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000383; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1asteroid.xyz"; classtype:web-application-activity; sid:300000384; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1ocean.xyz"; classtype:web-application-activity; sid:300000385; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1sky.xyz"; classtype:web-application-activity; sid:300000386; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1star.xyz"; classtype:web-application-activity; sid:300000387; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaasteroid.xyz"; classtype:web-application-activity; sid:300000388; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaocean.xyz"; classtype:web-application-activity; sid:300000389; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westasea.xyz"; classtype:web-application-activity; sid:300000390; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westastar.xyz"; classtype:web-application-activity; sid:300000391; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerbigwingiveawaysuper.cyou"; classtype:web-application-activity; sid:300000392; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.icu"; classtype:web-application-activity; sid:300000393; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.site"; classtype:web-application-activity; sid:300000394; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worivo.info"; classtype:web-application-activity; sid:300000395; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-national-claim-free.cyou"; classtype:web-application-activity; sid:300000396; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-prize-giveaway-free.cyou"; classtype:web-application-activity; sid:300000397; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideluckypromotionfree.cyou"; classtype:web-application-activity; sid:300000398; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwidenationalclaimfree.cyou"; classtype:web-application-activity; sid:300000399; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000400; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideprizegiveawayfree.cyou"; classtype:web-application-activity; sid:300000401; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000402; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000403; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourluckytoday.club"; classtype:web-application-activity; sid:300000404; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000405; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000406; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zalando-prive.es"; classtype:web-application-activity; sid:300000407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1plains.xyz"; classtype:web-application-activity; sid:300000386; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1sky.xyz"; classtype:web-application-activity; sid:300000387; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1star.xyz"; classtype:web-application-activity; sid:300000388; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaasteroid.xyz"; classtype:web-application-activity; sid:300000389; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaocean.xyz"; classtype:web-application-activity; sid:300000390; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaplanet.xyz"; classtype:web-application-activity; sid:300000391; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westasea.xyz"; classtype:web-application-activity; sid:300000392; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westastar.xyz"; classtype:web-application-activity; sid:300000393; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerbigwingiveawaysuper.cyou"; classtype:web-application-activity; sid:300000394; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.icu"; classtype:web-application-activity; sid:300000395; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.site"; classtype:web-application-activity; sid:300000396; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worivo.info"; classtype:web-application-activity; sid:300000397; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-national-claim-free.cyou"; classtype:web-application-activity; sid:300000398; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-prize-giveaway-free.cyou"; classtype:web-application-activity; sid:300000399; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideluckypromotionfree.cyou"; classtype:web-application-activity; sid:300000400; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwidenationalclaimfree.cyou"; classtype:web-application-activity; sid:300000401; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000402; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideprizegiveawayfree.cyou"; classtype:web-application-activity; sid:300000403; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000404; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000405; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourluckytoday.club"; classtype:web-application-activity; sid:300000406; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000407; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000408; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zalando-prive.es"; classtype:web-application-activity; sid:300000409; rev:1;)

dist/pup-filter-unbound.conf

@@ -1,6 +1,6 @@
 # Title: PUP Domains Unbound Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@ local-zone: "aikoo.club" always_nxdomain
 local-zone: "amobil.online" always_nxdomain
 local-zone: "appsto.cloud" always_nxdomain
 local-zone: "appzfirer.biz" always_nxdomain
-local-zone: "armorprovpn.me" always_nxdomain
 local-zone: "atprofessor.fun" always_nxdomain
 local-zone: "atwater.org" always_nxdomain
 local-zone: "auto-car-search.site" always_nxdomain
@@ -59,17 +58,18 @@ local-zone: "credit-monitoring-360.xyz" always_nxdomain
 local-zone: "curfiositystream.com" always_nxdomain
 local-zone: "curiositydstream.com" always_nxdomain
 local-zone: "curuiositystream.com" always_nxdomain
+local-zone: "dailyrep.net" always_nxdomain
 local-zone: "darkview.org" always_nxdomain
 local-zone: "dayinlife.net" always_nxdomain
 local-zone: "dealmedia.club" always_nxdomain
 local-zone: "dealmedia.website" always_nxdomain
 local-zone: "dealmedia.xyz" always_nxdomain
 local-zone: "dealsify.net" always_nxdomain
-local-zone: "defensepro.me" always_nxdomain
 local-zone: "discoveryfeed.org" always_nxdomain
 local-zone: "earlyprogress.info" always_nxdomain
 local-zone: "efladn.club" always_nxdomain
 local-zone: "elpelades.club" always_nxdomain
+local-zone: "enjoy-asteroid.xyz" always_nxdomain
 local-zone: "enjoy-star.xyz" always_nxdomain
 local-zone: "enjoy1mountain.xyz" always_nxdomain
 local-zone: "enjoy1ocean.xyz" always_nxdomain
@@ -94,7 +94,6 @@ local-zone: "fisudauh.top" always_nxdomain
 local-zone: "flash-rewards.info" always_nxdomain
 local-zone: "freewareappsstreamfast-best.digital" always_nxdomain
 local-zone: "freewareappsstreamfastall.digital" always_nxdomain
-local-zone: "funanime.me" always_nxdomain
 local-zone: "funny-media.ru" always_nxdomain
 local-zone: "funspine.xyz" always_nxdomain
 local-zone: "genertellife.it" always_nxdomain
@@ -130,6 +129,7 @@ local-zone: "installprecisehighlythefile.vip" always_nxdomain
 local-zone: "installprogressiveintenselythefile.vip" always_nxdomain
 local-zone: "intelectaction.ru" always_nxdomain
 local-zone: "investinfo.net" always_nxdomain
+local-zone: "ipaint.us" always_nxdomain
 local-zone: "ironprovpn.me" always_nxdomain
 local-zone: "isystemupdate.cloud" always_nxdomain
 local-zone: "jetsummer.xyz" always_nxdomain
@@ -250,6 +250,7 @@ local-zone: "pandawinterb.xyz" always_nxdomain
 local-zone: "pandawinterc.xyz" always_nxdomain
 local-zone: "pandawinterd.xyz" always_nxdomain
 local-zone: "pandawintere.xyz" always_nxdomain
+local-zone: "pandawinterf.xyz" always_nxdomain
 local-zone: "pcsecurity-live.xyz" always_nxdomain
 local-zone: "peterhahn.be" always_nxdomain
 local-zone: "photo-explorer.org" always_nxdomain
@@ -282,7 +283,6 @@ local-zone: "playwintere.xyz" always_nxdomain
 local-zone: "playwinterf.xyz" always_nxdomain
 local-zone: "ppploanchoices.site" always_nxdomain
 local-zone: "prize-messsages.casa" always_nxdomain
-local-zone: "producthunter.club" always_nxdomain
 local-zone: "profitsurvey365.online" always_nxdomain
 local-zone: "proprotect.me" always_nxdomain
 local-zone: "prosecurityvpn.me" always_nxdomain
@@ -298,7 +298,6 @@ local-zone: "real-buy.net" always_nxdomain
 local-zone: "rewardgivingrealspecialoffer.cyou" always_nxdomain
 local-zone: "rewards-promotion-winner-super.cyou" always_nxdomain
 local-zone: "rewardspromotionwinnersuper.cyou" always_nxdomain
-local-zone: "robogarden.io" always_nxdomain
 local-zone: "runadvanced-bestgreatlyfile.best" always_nxdomain
 local-zone: "rungreatly-bestadvancedfile.best" always_nxdomain
 local-zone: "safeguide.net" always_nxdomain
@@ -307,7 +306,6 @@ local-zone: "search4theupdatefree.work" always_nxdomain
 local-zone: "search4theupgradeset.info" always_nxdomain
 local-zone: "search4upgradingset.info" always_nxdomain
 local-zone: "searchmgr.online" always_nxdomain
-local-zone: "securitevpn.me" always_nxdomain
 local-zone: "securityvpnpro.me" always_nxdomain
 local-zone: "sergey-tracks.xyz" always_nxdomain
 local-zone: "settothereliableupgradingnew.work" always_nxdomain
@@ -348,9 +346,11 @@ local-zone: "syncubercurrentfiles.best" always_nxdomain
 local-zone: "systemupdateme.solutions" always_nxdomain
 local-zone: "systemupdatit.club" always_nxdomain
 local-zone: "technoblogs.net" always_nxdomain
+local-zone: "technologypartners.net" always_nxdomain
 local-zone: "thanksyoursupport.club" always_nxdomain
 local-zone: "the-star.xyz" always_nxdomain
 local-zone: "the1star.xyz" always_nxdomain
+local-zone: "the1volcano.xyz" always_nxdomain
 local-zone: "the7plains.xyz" always_nxdomain
 local-zone: "the7volcano.xyz" always_nxdomain
 local-zone: "theaasteroid.xyz" always_nxdomain
@@ -390,10 +390,12 @@ local-zone: "web-security.ml" always_nxdomain
 local-zone: "webtactics.ca" always_nxdomain
 local-zone: "west1asteroid.xyz" always_nxdomain
 local-zone: "west1ocean.xyz" always_nxdomain
+local-zone: "west1plains.xyz" always_nxdomain
 local-zone: "west1sky.xyz" always_nxdomain
 local-zone: "west1star.xyz" always_nxdomain
 local-zone: "westaasteroid.xyz" always_nxdomain
 local-zone: "westaocean.xyz" always_nxdomain
+local-zone: "westaplanet.xyz" always_nxdomain
 local-zone: "westasea.xyz" always_nxdomain
 local-zone: "westastar.xyz" always_nxdomain
 local-zone: "winnerbigwingiveawaysuper.cyou" always_nxdomain

dist/pup-filter-vivaldi.txt

@@ -1,6 +1,6 @@
 ! Title: PUP Domains Blocklist (Vivaldi)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 23 Oct 2021 12:02:25 +0000
+! Updated: Sun, 24 Oct 2021 00:02:57 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@
 ||amobil.online$document
 ||appsto.cloud$document
 ||appzfirer.biz$document
-||armorprovpn.me$document
 ||atprofessor.fun$document
 ||atwater.org$document
 ||auto-car-search.site$document
@@ -59,17 +58,18 @@
 ||curfiositystream.com$document
 ||curiositydstream.com$document
 ||curuiositystream.com$document
+||dailyrep.net$document
 ||darkview.org$document
 ||dayinlife.net$document
 ||dealmedia.club$document
 ||dealmedia.website$document
 ||dealmedia.xyz$document
 ||dealsify.net$document
-||defensepro.me$document
 ||discoveryfeed.org$document
 ||earlyprogress.info$document
 ||efladn.club$document
 ||elpelades.club$document
+||enjoy-asteroid.xyz$document
 ||enjoy-star.xyz$document
 ||enjoy1mountain.xyz$document
 ||enjoy1ocean.xyz$document
@@ -94,7 +94,6 @@
 ||flash-rewards.info$document
 ||freewareappsstreamfast-best.digital$document
 ||freewareappsstreamfastall.digital$document
-||funanime.me$document
 ||funny-media.ru$document
 ||funspine.xyz$document
 ||genertellife.it$document
@@ -130,6 +129,7 @@
 ||installprogressiveintenselythefile.vip$document
 ||intelectaction.ru$document
 ||investinfo.net$document
+||ipaint.us$document
 ||ironprovpn.me$document
 ||isystemupdate.cloud$document
 ||jetsummer.xyz$document
@@ -250,6 +250,7 @@
 ||pandawinterc.xyz$document
 ||pandawinterd.xyz$document
 ||pandawintere.xyz$document
+||pandawinterf.xyz$document
 ||pcsecurity-live.xyz$document
 ||peterhahn.be$document
 ||photo-explorer.org$document
@@ -282,7 +283,6 @@
 ||playwinterf.xyz$document
 ||ppploanchoices.site$document
 ||prize-messsages.casa$document
-||producthunter.club$document
 ||profitsurvey365.online$document
 ||proprotect.me$document
 ||prosecurityvpn.me$document
@@ -298,7 +298,6 @@
 ||rewardgivingrealspecialoffer.cyou$document
 ||rewards-promotion-winner-super.cyou$document
 ||rewardspromotionwinnersuper.cyou$document
-||robogarden.io$document
 ||runadvanced-bestgreatlyfile.best$document
 ||rungreatly-bestadvancedfile.best$document
 ||safeguide.net$document
@@ -307,7 +306,6 @@
 ||search4theupgradeset.info$document
 ||search4upgradingset.info$document
 ||searchmgr.online$document
-||securitevpn.me$document
 ||securityvpnpro.me$document
 ||sergey-tracks.xyz$document
 ||settothereliableupgradingnew.work$document
@@ -348,9 +346,11 @@
 ||systemupdateme.solutions$document
 ||systemupdatit.club$document
 ||technoblogs.net$document
+||technologypartners.net$document
 ||thanksyoursupport.club$document
 ||the-star.xyz$document
 ||the1star.xyz$document
+||the1volcano.xyz$document
 ||the7plains.xyz$document
 ||the7volcano.xyz$document
 ||theaasteroid.xyz$document
@@ -390,10 +390,12 @@
 ||webtactics.ca$document
 ||west1asteroid.xyz$document
 ||west1ocean.xyz$document
+||west1plains.xyz$document
 ||west1sky.xyz$document
 ||west1star.xyz$document
 ||westaasteroid.xyz$document
 ||westaocean.xyz$document
+||westaplanet.xyz$document
 ||westasea.xyz$document
 ||westastar.xyz$document
 ||winnerbigwingiveawaysuper.cyou$document

dist/pup-filter.tpl

@@ -1,7 +1,7 @@
 msFilterList
 # Title: PUP Hosts Blocklist (IE)
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 23 Oct 2021 12:02:25 +0000
+# Updated: Sun, 24 Oct 2021 00:02:57 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -16,7 +16,6 @@ msFilterList
 -d amobil.online
 -d appsto.cloud
 -d appzfirer.biz
--d armorprovpn.me
 -d atprofessor.fun
 -d atwater.org
 -d auto-car-search.site
@@ -62,17 +61,18 @@ msFilterList
 -d curfiositystream.com
 -d curiositydstream.com
 -d curuiositystream.com
+-d dailyrep.net
 -d darkview.org
 -d dayinlife.net
 -d dealmedia.club
 -d dealmedia.website
 -d dealmedia.xyz
 -d dealsify.net
--d defensepro.me
 -d discoveryfeed.org
 -d earlyprogress.info
 -d efladn.club
 -d elpelades.club
+-d enjoy-asteroid.xyz
 -d enjoy-star.xyz
 -d enjoy1mountain.xyz
 -d enjoy1ocean.xyz
@@ -97,7 +97,6 @@ msFilterList
 -d flash-rewards.info
 -d freewareappsstreamfast-best.digital
 -d freewareappsstreamfastall.digital
--d funanime.me
 -d funny-media.ru
 -d funspine.xyz
 -d genertellife.it
@@ -133,6 +132,7 @@ msFilterList
 -d installprogressiveintenselythefile.vip
 -d intelectaction.ru
 -d investinfo.net
+-d ipaint.us
 -d ironprovpn.me
 -d isystemupdate.cloud
 -d jetsummer.xyz
@@ -253,6 +253,7 @@ msFilterList
 -d pandawinterc.xyz
 -d pandawinterd.xyz
 -d pandawintere.xyz
+-d pandawinterf.xyz
 -d pcsecurity-live.xyz
 -d peterhahn.be
 -d photo-explorer.org
@@ -285,7 +286,6 @@ msFilterList
 -d playwinterf.xyz
 -d ppploanchoices.site
 -d prize-messsages.casa
--d producthunter.club
 -d profitsurvey365.online
 -d proprotect.me
 -d prosecurityvpn.me
@@ -301,7 +301,6 @@ msFilterList
 -d rewardgivingrealspecialoffer.cyou
 -d rewards-promotion-winner-super.cyou
 -d rewardspromotionwinnersuper.cyou
--d robogarden.io
 -d runadvanced-bestgreatlyfile.best
 -d rungreatly-bestadvancedfile.best
 -d safeguide.net
@@ -310,7 +309,6 @@ msFilterList
 -d search4theupgradeset.info
 -d search4upgradingset.info
 -d searchmgr.online
--d securitevpn.me
 -d securityvpnpro.me
 -d sergey-tracks.xyz
 -d settothereliableupgradingnew.work
@@ -351,9 +349,11 @@ msFilterList
 -d systemupdateme.solutions
 -d systemupdatit.club
 -d technoblogs.net
+-d technologypartners.net
 -d thanksyoursupport.club
 -d the-star.xyz
 -d the1star.xyz
+-d the1volcano.xyz
 -d the7plains.xyz
 -d the7volcano.xyz
 -d theaasteroid.xyz
@@ -393,10 +393,12 @@ msFilterList
 -d webtactics.ca
 -d west1asteroid.xyz
 -d west1ocean.xyz
+-d west1plains.xyz
 -d west1sky.xyz
 -d west1star.xyz
 -d westaasteroid.xyz
 -d westaocean.xyz
+-d westaplanet.xyz
 -d westasea.xyz
 -d westastar.xyz
 -d winnerbigwingiveawaysuper.cyou

dist/pup-filter.txt

@@ -1,6 +1,6 @@
 ! Title: PUP Domains Blocklist
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 23 Oct 2021 12:02:25 +0000
+! Updated: Sun, 24 Oct 2021 00:02:57 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
@@ -13,7 +13,6 @@ aikoo.club
 amobil.online
 appsto.cloud
 appzfirer.biz
-armorprovpn.me
 atprofessor.fun
 atwater.org
 auto-car-search.site
@@ -59,17 +58,18 @@ credit-monitoring-360.xyz
 curfiositystream.com
 curiositydstream.com
 curuiositystream.com
+dailyrep.net
 darkview.org
 dayinlife.net
 dealmedia.club
 dealmedia.website
 dealmedia.xyz
 dealsify.net
-defensepro.me
 discoveryfeed.org
 earlyprogress.info
 efladn.club
 elpelades.club
+enjoy-asteroid.xyz
 enjoy-star.xyz
 enjoy1mountain.xyz
 enjoy1ocean.xyz
@@ -94,7 +94,6 @@ fisudauh.top
 flash-rewards.info
 freewareappsstreamfast-best.digital
 freewareappsstreamfastall.digital
-funanime.me
 funny-media.ru
 funspine.xyz
 genertellife.it
@@ -130,6 +129,7 @@ installprecisehighlythefile.vip
 installprogressiveintenselythefile.vip
 intelectaction.ru
 investinfo.net
+ipaint.us
 ironprovpn.me
 isystemupdate.cloud
 jetsummer.xyz
@@ -250,6 +250,7 @@ pandawinterb.xyz
 pandawinterc.xyz
 pandawinterd.xyz
 pandawintere.xyz
+pandawinterf.xyz
 pcsecurity-live.xyz
 peterhahn.be
 photo-explorer.org
@@ -282,7 +283,6 @@ playwintere.xyz
 playwinterf.xyz
 ppploanchoices.site
 prize-messsages.casa
-producthunter.club
 profitsurvey365.online
 proprotect.me
 prosecurityvpn.me
@@ -298,7 +298,6 @@ real-buy.net
 rewardgivingrealspecialoffer.cyou
 rewards-promotion-winner-super.cyou
 rewardspromotionwinnersuper.cyou
-robogarden.io
 runadvanced-bestgreatlyfile.best
 rungreatly-bestadvancedfile.best
 safeguide.net
@@ -307,7 +306,6 @@ search4theupdatefree.work
 search4theupgradeset.info
 search4upgradingset.info
 searchmgr.online
-securitevpn.me
 securityvpnpro.me
 sergey-tracks.xyz
 settothereliableupgradingnew.work
@@ -348,9 +346,11 @@ syncubercurrentfiles.best
 systemupdateme.solutions
 systemupdatit.club
 technoblogs.net
+technologypartners.net
 thanksyoursupport.club
 the-star.xyz
 the1star.xyz
+the1volcano.xyz
 the7plains.xyz
 the7volcano.xyz
 theaasteroid.xyz
@@ -390,10 +390,12 @@ web-security.ml
 webtactics.ca
 west1asteroid.xyz
 west1ocean.xyz
+west1plains.xyz
 west1sky.xyz
 west1star.xyz
 westaasteroid.xyz
 westaocean.xyz
+westaplanet.xyz
 westasea.xyz
 westastar.xyz
 winnerbigwingiveawaysuper.cyou