Filter updated: Sun, 12 Dec 2021 00:02:44 +0000

dist/pup-filter-ag.txt

@@ -1,13 +1,12 @@
 ! Title: PUP Domains Blocklist (AdGuard)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 11 Dec 2021 12:02:31 +0000
+! Updated: Sun, 12 Dec 2021 00:02:44 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
 ! Source: https://github.com/zhouhanc/malware-discoverer
 ||aikoo.club$all
 ||am-harder-stock-corn.xyz$all
-||amobil.online$all
 ||android-browser.live$all
 ||android-web.live$all
 ||aphicus.xyz$all
@@ -30,6 +29,7 @@
 ||boot-upheavily-bestquickfile.best$all
 ||boot-upheavily-bestsophisticatedfile.best$all
 ||boot-upsophisticated-bestoverlyfile.best$all
+||brightlifestyle.org$all
 ||cautelous132.xyz$all
 ||center-plains.xyz$all
 ||center-planet.xyz$all
@@ -69,7 +69,6 @@
 ||dayinlife.net$all
 ||dealsify.net$all
 ||deepapp.click$all
-||downansurface.top$all
 ||efladn.club$all
 ||elpelades.club$all
 ||enjoy-asteroid.xyz$all
@@ -89,6 +88,7 @@
 ||enjoyastar.xyz$all
 ||enjoyavolcano.xyz$all
 ||euronordvpn.com$all
+||evaing.live$all
 ||expatriates.pk$all
 ||exploreshops.net$all
 ||fastfactsonline.co$all
@@ -179,6 +179,7 @@
 ||lubbockeda.org$all
 ||lucky-worldwide-prize-random.rest$all
 ||luckyworldwideprizerandom.rest$all
+||makingbettermoney.co$all
 ||marketloans.net$all
 ||mazestation.games$all
 ||mediaadvanced.ru$all
@@ -195,7 +196,6 @@
 ||mobiaplanet.xyz$all
 ||mobiastar.xyz$all
 ||mobiavolcano.xyz$all
-||mobyfox.shop$all
 ||mybesthealthplan.org$all
 ||nettrafficpartners.net$all
 ||news-daluku.cc$all

dist/pup-filter-agh.txt

@@ -1,13 +1,12 @@
 ! Title: PUP Domains Blocklist (AdGuard Home)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 11 Dec 2021 12:02:31 +0000
+! Updated: Sun, 12 Dec 2021 00:02:44 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
 ! Source: https://github.com/zhouhanc/malware-discoverer
 ||aikoo.club^
 ||am-harder-stock-corn.xyz^
-||amobil.online^
 ||android-browser.live^
 ||android-web.live^
 ||aphicus.xyz^
@@ -30,6 +29,7 @@
 ||boot-upheavily-bestquickfile.best^
 ||boot-upheavily-bestsophisticatedfile.best^
 ||boot-upsophisticated-bestoverlyfile.best^
+||brightlifestyle.org^
 ||cautelous132.xyz^
 ||center-plains.xyz^
 ||center-planet.xyz^
@@ -69,7 +69,6 @@
 ||dayinlife.net^
 ||dealsify.net^
 ||deepapp.click^
-||downansurface.top^
 ||efladn.club^
 ||elpelades.club^
 ||enjoy-asteroid.xyz^
@@ -89,6 +88,7 @@
 ||enjoyastar.xyz^
 ||enjoyavolcano.xyz^
 ||euronordvpn.com^
+||evaing.live^
 ||expatriates.pk^
 ||exploreshops.net^
 ||fastfactsonline.co^
@@ -179,6 +179,7 @@
 ||lubbockeda.org^
 ||lucky-worldwide-prize-random.rest^
 ||luckyworldwideprizerandom.rest^
+||makingbettermoney.co^
 ||marketloans.net^
 ||mazestation.games^
 ||mediaadvanced.ru^
@@ -195,7 +196,6 @@
 ||mobiaplanet.xyz^
 ||mobiastar.xyz^
 ||mobiavolcano.xyz^
-||mobyfox.shop^
 ||mybesthealthplan.org^
 ||nettrafficpartners.net^
 ||news-daluku.cc^

dist/pup-filter-bind.conf

@@ -1,13 +1,12 @@
 # Title: PUP Domains BIND Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 zone "aikoo.club" { type master; notify no; file "null.zone.file"; };
 zone "am-harder-stock-corn.xyz" { type master; notify no; file "null.zone.file"; };
-zone "amobil.online" { type master; notify no; file "null.zone.file"; };
 zone "android-browser.live" { type master; notify no; file "null.zone.file"; };
 zone "android-web.live" { type master; notify no; file "null.zone.file"; };
 zone "aphicus.xyz" { type master; notify no; file "null.zone.file"; };
@@ -30,6 +29,7 @@ zone "bluetiger.cloud" { type master; notify no; file "null.zone.file"; };
 zone "boot-upheavily-bestquickfile.best" { type master; notify no; file "null.zone.file"; };
 zone "boot-upheavily-bestsophisticatedfile.best" { type master; notify no; file "null.zone.file"; };
 zone "boot-upsophisticated-bestoverlyfile.best" { type master; notify no; file "null.zone.file"; };
+zone "brightlifestyle.org" { type master; notify no; file "null.zone.file"; };
 zone "cautelous132.xyz" { type master; notify no; file "null.zone.file"; };
 zone "center-plains.xyz" { type master; notify no; file "null.zone.file"; };
 zone "center-planet.xyz" { type master; notify no; file "null.zone.file"; };
@@ -69,7 +69,6 @@ zone "darkview.org" { type master; notify no; file "null.zone.file"; };
 zone "dayinlife.net" { type master; notify no; file "null.zone.file"; };
 zone "dealsify.net" { type master; notify no; file "null.zone.file"; };
 zone "deepapp.click" { type master; notify no; file "null.zone.file"; };
-zone "downansurface.top" { type master; notify no; file "null.zone.file"; };
 zone "efladn.club" { type master; notify no; file "null.zone.file"; };
 zone "elpelades.club" { type master; notify no; file "null.zone.file"; };
 zone "enjoy-asteroid.xyz" { type master; notify no; file "null.zone.file"; };
@@ -89,6 +88,7 @@ zone "enjoyasky.xyz" { type master; notify no; file "null.zone.file"; };
 zone "enjoyastar.xyz" { type master; notify no; file "null.zone.file"; };
 zone "enjoyavolcano.xyz" { type master; notify no; file "null.zone.file"; };
 zone "euronordvpn.com" { type master; notify no; file "null.zone.file"; };
+zone "evaing.live" { type master; notify no; file "null.zone.file"; };
 zone "expatriates.pk" { type master; notify no; file "null.zone.file"; };
 zone "exploreshops.net" { type master; notify no; file "null.zone.file"; };
 zone "fastfactsonline.co" { type master; notify no; file "null.zone.file"; };
@@ -179,6 +179,7 @@ zone "loveorfun.cc" { type master; notify no; file "null.zone.file"; };
 zone "lubbockeda.org" { type master; notify no; file "null.zone.file"; };
 zone "lucky-worldwide-prize-random.rest" { type master; notify no; file "null.zone.file"; };
 zone "luckyworldwideprizerandom.rest" { type master; notify no; file "null.zone.file"; };
+zone "makingbettermoney.co" { type master; notify no; file "null.zone.file"; };
 zone "marketloans.net" { type master; notify no; file "null.zone.file"; };
 zone "mazestation.games" { type master; notify no; file "null.zone.file"; };
 zone "mediaadvanced.ru" { type master; notify no; file "null.zone.file"; };
@@ -195,7 +196,6 @@ zone "mobiaocean.xyz" { type master; notify no; file "null.zone.file"; };
 zone "mobiaplanet.xyz" { type master; notify no; file "null.zone.file"; };
 zone "mobiastar.xyz" { type master; notify no; file "null.zone.file"; };
 zone "mobiavolcano.xyz" { type master; notify no; file "null.zone.file"; };
-zone "mobyfox.shop" { type master; notify no; file "null.zone.file"; };
 zone "mybesthealthplan.org" { type master; notify no; file "null.zone.file"; };
 zone "nettrafficpartners.net" { type master; notify no; file "null.zone.file"; };
 zone "news-daluku.cc" { type master; notify no; file "null.zone.file"; };

dist/pup-filter-dnscrypt-blocked-names.txt

@@ -1,13 +1,12 @@
 # Title: PUP Names Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 aikoo.club
 am-harder-stock-corn.xyz
-amobil.online
 android-browser.live
 android-web.live
 aphicus.xyz
@@ -30,6 +29,7 @@ bluetiger.cloud
 boot-upheavily-bestquickfile.best
 boot-upheavily-bestsophisticatedfile.best
 boot-upsophisticated-bestoverlyfile.best
+brightlifestyle.org
 cautelous132.xyz
 center-plains.xyz
 center-planet.xyz
@@ -69,7 +69,6 @@ darkview.org
 dayinlife.net
 dealsify.net
 deepapp.click
-downansurface.top
 efladn.club
 elpelades.club
 enjoy-asteroid.xyz
@@ -89,6 +88,7 @@ enjoyasky.xyz
 enjoyastar.xyz
 enjoyavolcano.xyz
 euronordvpn.com
+evaing.live
 expatriates.pk
 exploreshops.net
 fastfactsonline.co
@@ -179,6 +179,7 @@ loveorfun.cc
 lubbockeda.org
 lucky-worldwide-prize-random.rest
 luckyworldwideprizerandom.rest
+makingbettermoney.co
 marketloans.net
 mazestation.games
 mediaadvanced.ru
@@ -195,7 +196,6 @@ mobiaocean.xyz
 mobiaplanet.xyz
 mobiastar.xyz
 mobiavolcano.xyz
-mobyfox.shop
 mybesthealthplan.org
 nettrafficpartners.net
 news-daluku.cc

dist/pup-filter-dnsmasq.conf

@@ -1,13 +1,12 @@
 # Title: PUP Domains dnsmasq Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 address=/aikoo.club/0.0.0.0
 address=/am-harder-stock-corn.xyz/0.0.0.0
-address=/amobil.online/0.0.0.0
 address=/android-browser.live/0.0.0.0
 address=/android-web.live/0.0.0.0
 address=/aphicus.xyz/0.0.0.0
@@ -30,6 +29,7 @@ address=/bluetiger.cloud/0.0.0.0
 address=/boot-upheavily-bestquickfile.best/0.0.0.0
 address=/boot-upheavily-bestsophisticatedfile.best/0.0.0.0
 address=/boot-upsophisticated-bestoverlyfile.best/0.0.0.0
+address=/brightlifestyle.org/0.0.0.0
 address=/cautelous132.xyz/0.0.0.0
 address=/center-plains.xyz/0.0.0.0
 address=/center-planet.xyz/0.0.0.0
@@ -69,7 +69,6 @@ address=/darkview.org/0.0.0.0
 address=/dayinlife.net/0.0.0.0
 address=/dealsify.net/0.0.0.0
 address=/deepapp.click/0.0.0.0
-address=/downansurface.top/0.0.0.0
 address=/efladn.club/0.0.0.0
 address=/elpelades.club/0.0.0.0
 address=/enjoy-asteroid.xyz/0.0.0.0
@@ -89,6 +88,7 @@ address=/enjoyasky.xyz/0.0.0.0
 address=/enjoyastar.xyz/0.0.0.0
 address=/enjoyavolcano.xyz/0.0.0.0
 address=/euronordvpn.com/0.0.0.0
+address=/evaing.live/0.0.0.0
 address=/expatriates.pk/0.0.0.0
 address=/exploreshops.net/0.0.0.0
 address=/fastfactsonline.co/0.0.0.0
@@ -179,6 +179,7 @@ address=/loveorfun.cc/0.0.0.0
 address=/lubbockeda.org/0.0.0.0
 address=/lucky-worldwide-prize-random.rest/0.0.0.0
 address=/luckyworldwideprizerandom.rest/0.0.0.0
+address=/makingbettermoney.co/0.0.0.0
 address=/marketloans.net/0.0.0.0
 address=/mazestation.games/0.0.0.0
 address=/mediaadvanced.ru/0.0.0.0
@@ -195,7 +196,6 @@ address=/mobiaocean.xyz/0.0.0.0
 address=/mobiaplanet.xyz/0.0.0.0
 address=/mobiastar.xyz/0.0.0.0
 address=/mobiavolcano.xyz/0.0.0.0
-address=/mobyfox.shop/0.0.0.0
 address=/mybesthealthplan.org/0.0.0.0
 address=/nettrafficpartners.net/0.0.0.0
 address=/news-daluku.cc/0.0.0.0

dist/pup-filter-domains.txt

@@ -1,13 +1,12 @@
 # Title: PUP Domains Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 aikoo.club
 am-harder-stock-corn.xyz
-amobil.online
 android-browser.live
 android-web.live
 aphicus.xyz
@@ -30,6 +29,7 @@ bluetiger.cloud
 boot-upheavily-bestquickfile.best
 boot-upheavily-bestsophisticatedfile.best
 boot-upsophisticated-bestoverlyfile.best
+brightlifestyle.org
 cautelous132.xyz
 center-plains.xyz
 center-planet.xyz
@@ -69,7 +69,6 @@ darkview.org
 dayinlife.net
 dealsify.net
 deepapp.click
-downansurface.top
 efladn.club
 elpelades.club
 enjoy-asteroid.xyz
@@ -89,6 +88,7 @@ enjoyasky.xyz
 enjoyastar.xyz
 enjoyavolcano.xyz
 euronordvpn.com
+evaing.live
 expatriates.pk
 exploreshops.net
 fastfactsonline.co
@@ -179,6 +179,7 @@ loveorfun.cc
 lubbockeda.org
 lucky-worldwide-prize-random.rest
 luckyworldwideprizerandom.rest
+makingbettermoney.co
 marketloans.net
 mazestation.games
 mediaadvanced.ru
@@ -195,7 +196,6 @@ mobiaocean.xyz
 mobiaplanet.xyz
 mobiastar.xyz
 mobiavolcano.xyz
-mobyfox.shop
 mybesthealthplan.org
 nettrafficpartners.net
 news-daluku.cc

dist/pup-filter-hosts.txt

@@ -1,13 +1,12 @@
 # Title: PUP Hosts Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 0.0.0.0 aikoo.club
 0.0.0.0 am-harder-stock-corn.xyz
-0.0.0.0 amobil.online
 0.0.0.0 android-browser.live
 0.0.0.0 android-web.live
 0.0.0.0 aphicus.xyz
@@ -30,6 +29,7 @@
 0.0.0.0 boot-upheavily-bestquickfile.best
 0.0.0.0 boot-upheavily-bestsophisticatedfile.best
 0.0.0.0 boot-upsophisticated-bestoverlyfile.best
+0.0.0.0 brightlifestyle.org
 0.0.0.0 cautelous132.xyz
 0.0.0.0 center-plains.xyz
 0.0.0.0 center-planet.xyz
@@ -69,7 +69,6 @@
 0.0.0.0 dayinlife.net
 0.0.0.0 dealsify.net
 0.0.0.0 deepapp.click
-0.0.0.0 downansurface.top
 0.0.0.0 efladn.club
 0.0.0.0 elpelades.club
 0.0.0.0 enjoy-asteroid.xyz
@@ -89,6 +88,7 @@
 0.0.0.0 enjoyastar.xyz
 0.0.0.0 enjoyavolcano.xyz
 0.0.0.0 euronordvpn.com
+0.0.0.0 evaing.live
 0.0.0.0 expatriates.pk
 0.0.0.0 exploreshops.net
 0.0.0.0 fastfactsonline.co
@@ -179,6 +179,7 @@
 0.0.0.0 lubbockeda.org
 0.0.0.0 lucky-worldwide-prize-random.rest
 0.0.0.0 luckyworldwideprizerandom.rest
+0.0.0.0 makingbettermoney.co
 0.0.0.0 marketloans.net
 0.0.0.0 mazestation.games
 0.0.0.0 mediaadvanced.ru
@@ -195,7 +196,6 @@
 0.0.0.0 mobiaplanet.xyz
 0.0.0.0 mobiastar.xyz
 0.0.0.0 mobiavolcano.xyz
-0.0.0.0 mobyfox.shop
 0.0.0.0 mybesthealthplan.org
 0.0.0.0 nettrafficpartners.net
 0.0.0.0 news-daluku.cc

dist/pup-filter-rpz.conf

@@ -1,18 +1,17 @@
 ; Title: PUP Domains RPZ Blocklist
 ; Description: Block domains that host potentially unwanted programs (PUP)
-; Updated: Sat, 11 Dec 2021 12:02:31 +0000
+; Updated: Sun, 12 Dec 2021 00:02:44 +0000
 ; Expires: 1 day (update frequency)
 ; Homepage: https://gitlab.com/curben/pup-filter
 ; License: https://gitlab.com/curben/pup-filter#license
 ; Source: https://github.com/zhouhanc/malware-discoverer
 
 $TTL 30
-@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1639224151 86400 3600 604800 30
+@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1639267364 86400 3600 604800 30
  NS localhost.
 
 aikoo.club CNAME .
 am-harder-stock-corn.xyz CNAME .
-amobil.online CNAME .
 android-browser.live CNAME .
 android-web.live CNAME .
 aphicus.xyz CNAME .
@@ -35,6 +34,7 @@ bluetiger.cloud CNAME .
 boot-upheavily-bestquickfile.best CNAME .
 boot-upheavily-bestsophisticatedfile.best CNAME .
 boot-upsophisticated-bestoverlyfile.best CNAME .
+brightlifestyle.org CNAME .
 cautelous132.xyz CNAME .
 center-plains.xyz CNAME .
 center-planet.xyz CNAME .
@@ -74,7 +74,6 @@ darkview.org CNAME .
 dayinlife.net CNAME .
 dealsify.net CNAME .
 deepapp.click CNAME .
-downansurface.top CNAME .
 efladn.club CNAME .
 elpelades.club CNAME .
 enjoy-asteroid.xyz CNAME .
@@ -94,6 +93,7 @@ enjoyasky.xyz CNAME .
 enjoyastar.xyz CNAME .
 enjoyavolcano.xyz CNAME .
 euronordvpn.com CNAME .
+evaing.live CNAME .
 expatriates.pk CNAME .
 exploreshops.net CNAME .
 fastfactsonline.co CNAME .
@@ -184,6 +184,7 @@ loveorfun.cc CNAME .
 lubbockeda.org CNAME .
 lucky-worldwide-prize-random.rest CNAME .
 luckyworldwideprizerandom.rest CNAME .
+makingbettermoney.co CNAME .
 marketloans.net CNAME .
 mazestation.games CNAME .
 mediaadvanced.ru CNAME .
@@ -200,7 +201,6 @@ mobiaocean.xyz CNAME .
 mobiaplanet.xyz CNAME .
 mobiastar.xyz CNAME .
 mobiavolcano.xyz CNAME .
-mobyfox.shop CNAME .
 mybesthealthplan.org CNAME .
 nettrafficpartners.net CNAME .
 news-daluku.cc CNAME .

dist/pup-filter-snort2.rules

@@ -1,35 +1,35 @@
 # Title: PUP Domains Snort2 Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000001; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"am-harder-stock-corn.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"amobil.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-browser.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-web.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aphicus.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beautinow.nl"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"benefiio.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-browser.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-web.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aphicus.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beautinow.nl"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"benefiio.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"brightlifestyle.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cautelous132.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;)
@@ -69,26 +69,26 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dayinlife.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000062; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealsify.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000063; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"deepapp.click"; content:"Host"; http_header; classtype:web-application-activity; sid:300000064; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"downansurface.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000065; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"efladn.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000066; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"elpelades.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000067; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000068; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000069; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000070; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000071; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000072; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyacoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyasky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"euronordvpn.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"efladn.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000065; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"elpelades.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000066; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000067; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000068; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000069; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000070; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000071; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000072; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoy7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyacoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyasky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"enjoyavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"euronordvpn.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"evaing.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"expatriates.pk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"exploreshops.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastfactsonline.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
@@ -179,23 +179,23 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000172; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lucky-worldwide-prize-random.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000173; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckyworldwideprizerandom.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketloans.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mazestation.games"; content:"Host"; http_header; classtype:web-application-activity; sid:300000176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaadvanced.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mistvideo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobyfox.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"makingbettermoney.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000175; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketloans.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000176; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mazestation.games"; content:"Host"; http_header; classtype:web-application-activity; sid:300000177; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaadvanced.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000178; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000179; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mistvideo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000180; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mybesthealthplan.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"news-daluku.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)

dist/pup-filter-snort3.rules

@@ -1,35 +1,35 @@
 # Title: PUP Domains Snort3 Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000001; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"am-harder-stock-corn.xyz",nocase; classtype:web-application-activity; sid:300000002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"amobil.online",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-browser.live",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-web.live",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aphicus.xyz",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beautinow.nl",nocase; classtype:web-application-activity; sid:300000017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"benefiio.org",nocase; classtype:web-application-activity; sid:300000019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-browser.live",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-web.live",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aphicus.xyz",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beautinow.nl",nocase; classtype:web-application-activity; sid:300000016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"benefiio.org",nocase; classtype:web-application-activity; sid:300000018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"brightlifestyle.org",nocase; classtype:web-application-activity; sid:300000025; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cautelous132.xyz",nocase; classtype:web-application-activity; sid:300000026; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000027; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-planet.xyz",nocase; classtype:web-application-activity; sid:300000028; rev:1;)
@@ -69,26 +69,26 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dayinlife.net",nocase; classtype:web-application-activity; sid:300000062; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealsify.net",nocase; classtype:web-application-activity; sid:300000063; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"deepapp.click",nocase; classtype:web-application-activity; sid:300000064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"downansurface.top",nocase; classtype:web-application-activity; sid:300000065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"efladn.club",nocase; classtype:web-application-activity; sid:300000066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"elpelades.club",nocase; classtype:web-application-activity; sid:300000067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-asteroid.xyz",nocase; classtype:web-application-activity; sid:300000068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-coast.xyz",nocase; classtype:web-application-activity; sid:300000069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-sea.xyz",nocase; classtype:web-application-activity; sid:300000070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-star.xyz",nocase; classtype:web-application-activity; sid:300000071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1mountain.xyz",nocase; classtype:web-application-activity; sid:300000072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1ocean.xyz",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1volcano.xyz",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7asteroid.xyz",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7crater.xyz",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7mountain.xyz",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyacoast.xyz",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyacrater.xyz",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyaocean.xyz",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyasky.xyz",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyastar.xyz",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyavolcano.xyz",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"euronordvpn.com",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"efladn.club",nocase; classtype:web-application-activity; sid:300000065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"elpelades.club",nocase; classtype:web-application-activity; sid:300000066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-asteroid.xyz",nocase; classtype:web-application-activity; sid:300000067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-coast.xyz",nocase; classtype:web-application-activity; sid:300000068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-sea.xyz",nocase; classtype:web-application-activity; sid:300000069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy-star.xyz",nocase; classtype:web-application-activity; sid:300000070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1mountain.xyz",nocase; classtype:web-application-activity; sid:300000071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1ocean.xyz",nocase; classtype:web-application-activity; sid:300000072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy1volcano.xyz",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7asteroid.xyz",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7crater.xyz",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoy7mountain.xyz",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyacoast.xyz",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyacrater.xyz",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyaocean.xyz",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyasky.xyz",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyastar.xyz",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"enjoyavolcano.xyz",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"euronordvpn.com",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"evaing.live",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"expatriates.pk",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"exploreshops.net",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastfactsonline.co",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
@@ -179,23 +179,23 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000172; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lucky-worldwide-prize-random.rest",nocase; classtype:web-application-activity; sid:300000173; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckyworldwideprizerandom.rest",nocase; classtype:web-application-activity; sid:300000174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"marketloans.net",nocase; classtype:web-application-activity; sid:300000175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mazestation.games",nocase; classtype:web-application-activity; sid:300000176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaadvanced.ru",nocase; classtype:web-application-activity; sid:300000177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mistvideo.ru",nocase; classtype:web-application-activity; sid:300000179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1crater.xyz",nocase; classtype:web-application-activity; sid:300000180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1mountain.xyz",nocase; classtype:web-application-activity; sid:300000181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1planet.xyz",nocase; classtype:web-application-activity; sid:300000182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sea.xyz",nocase; classtype:web-application-activity; sid:300000183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sky.xyz",nocase; classtype:web-application-activity; sid:300000184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7volcano.xyz",nocase; classtype:web-application-activity; sid:300000185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiacrater.xyz",nocase; classtype:web-application-activity; sid:300000186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaocean.xyz",nocase; classtype:web-application-activity; sid:300000187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaplanet.xyz",nocase; classtype:web-application-activity; sid:300000188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiastar.xyz",nocase; classtype:web-application-activity; sid:300000189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiavolcano.xyz",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobyfox.shop",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"makingbettermoney.co",nocase; classtype:web-application-activity; sid:300000175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"marketloans.net",nocase; classtype:web-application-activity; sid:300000176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mazestation.games",nocase; classtype:web-application-activity; sid:300000177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaadvanced.ru",nocase; classtype:web-application-activity; sid:300000178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mistvideo.ru",nocase; classtype:web-application-activity; sid:300000180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1crater.xyz",nocase; classtype:web-application-activity; sid:300000181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1mountain.xyz",nocase; classtype:web-application-activity; sid:300000182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1planet.xyz",nocase; classtype:web-application-activity; sid:300000183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sea.xyz",nocase; classtype:web-application-activity; sid:300000184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sky.xyz",nocase; classtype:web-application-activity; sid:300000185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7volcano.xyz",nocase; classtype:web-application-activity; sid:300000186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiacrater.xyz",nocase; classtype:web-application-activity; sid:300000187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaocean.xyz",nocase; classtype:web-application-activity; sid:300000188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaplanet.xyz",nocase; classtype:web-application-activity; sid:300000189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiastar.xyz",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiavolcano.xyz",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mybesthealthplan.org",nocase; classtype:web-application-activity; sid:300000192; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"news-daluku.cc",nocase; classtype:web-application-activity; sid:300000194; rev:1;)

dist/pup-filter-suricata.rules

@@ -1,35 +1,35 @@
 # Title: PUP Domains Suricata Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000001; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"am-harder-stock-corn.xyz"; classtype:web-application-activity; sid:300000002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amobil.online"; classtype:web-application-activity; sid:300000003; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-browser.live"; classtype:web-application-activity; sid:300000004; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-web.live"; classtype:web-application-activity; sid:300000005; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aphicus.xyz"; classtype:web-application-activity; sid:300000006; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000007; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000008; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000009; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000010; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000011; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000012; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000013; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000016; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beautinow.nl"; classtype:web-application-activity; sid:300000017; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000018; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"benefiio.org"; classtype:web-application-activity; sid:300000019; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000020; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000021; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000022; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000023; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000024; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000025; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-browser.live"; classtype:web-application-activity; sid:300000003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-web.live"; classtype:web-application-activity; sid:300000004; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aphicus.xyz"; classtype:web-application-activity; sid:300000005; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000006; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000007; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000008; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000009; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000010; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000011; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000012; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000013; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beautinow.nl"; classtype:web-application-activity; sid:300000016; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000017; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"benefiio.org"; classtype:web-application-activity; sid:300000018; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000019; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000020; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000021; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000022; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000023; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000024; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightlifestyle.org"; classtype:web-application-activity; sid:300000025; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cautelous132.xyz"; classtype:web-application-activity; sid:300000026; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000027; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-planet.xyz"; classtype:web-application-activity; sid:300000028; rev:1;)
@@ -69,26 +69,26 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dayinlife.net"; classtype:web-application-activity; sid:300000062; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealsify.net"; classtype:web-application-activity; sid:300000063; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"deepapp.click"; classtype:web-application-activity; sid:300000064; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"downansurface.top"; classtype:web-application-activity; sid:300000065; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efladn.club"; classtype:web-application-activity; sid:300000066; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpelades.club"; classtype:web-application-activity; sid:300000067; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-asteroid.xyz"; classtype:web-application-activity; sid:300000068; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-coast.xyz"; classtype:web-application-activity; sid:300000069; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-sea.xyz"; classtype:web-application-activity; sid:300000070; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-star.xyz"; classtype:web-application-activity; sid:300000071; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1mountain.xyz"; classtype:web-application-activity; sid:300000072; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1ocean.xyz"; classtype:web-application-activity; sid:300000073; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1volcano.xyz"; classtype:web-application-activity; sid:300000074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7asteroid.xyz"; classtype:web-application-activity; sid:300000075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7crater.xyz"; classtype:web-application-activity; sid:300000076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7mountain.xyz"; classtype:web-application-activity; sid:300000077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyacoast.xyz"; classtype:web-application-activity; sid:300000078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyacrater.xyz"; classtype:web-application-activity; sid:300000079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyaocean.xyz"; classtype:web-application-activity; sid:300000080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyasky.xyz"; classtype:web-application-activity; sid:300000081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyastar.xyz"; classtype:web-application-activity; sid:300000082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyavolcano.xyz"; classtype:web-application-activity; sid:300000083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"euronordvpn.com"; classtype:web-application-activity; sid:300000084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efladn.club"; classtype:web-application-activity; sid:300000065; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpelades.club"; classtype:web-application-activity; sid:300000066; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-asteroid.xyz"; classtype:web-application-activity; sid:300000067; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-coast.xyz"; classtype:web-application-activity; sid:300000068; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-sea.xyz"; classtype:web-application-activity; sid:300000069; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy-star.xyz"; classtype:web-application-activity; sid:300000070; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1mountain.xyz"; classtype:web-application-activity; sid:300000071; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1ocean.xyz"; classtype:web-application-activity; sid:300000072; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy1volcano.xyz"; classtype:web-application-activity; sid:300000073; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7asteroid.xyz"; classtype:web-application-activity; sid:300000074; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7crater.xyz"; classtype:web-application-activity; sid:300000075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoy7mountain.xyz"; classtype:web-application-activity; sid:300000076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyacoast.xyz"; classtype:web-application-activity; sid:300000077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyacrater.xyz"; classtype:web-application-activity; sid:300000078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyaocean.xyz"; classtype:web-application-activity; sid:300000079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyasky.xyz"; classtype:web-application-activity; sid:300000080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyastar.xyz"; classtype:web-application-activity; sid:300000081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"enjoyavolcano.xyz"; classtype:web-application-activity; sid:300000082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"euronordvpn.com"; classtype:web-application-activity; sid:300000083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"evaing.live"; classtype:web-application-activity; sid:300000084; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"expatriates.pk"; classtype:web-application-activity; sid:300000085; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"exploreshops.net"; classtype:web-application-activity; sid:300000086; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastfactsonline.co"; classtype:web-application-activity; sid:300000087; rev:1;)
@@ -179,23 +179,23 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000172; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lucky-worldwide-prize-random.rest"; classtype:web-application-activity; sid:300000173; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckyworldwideprizerandom.rest"; classtype:web-application-activity; sid:300000174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketloans.net"; classtype:web-application-activity; sid:300000175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mazestation.games"; classtype:web-application-activity; sid:300000176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaadvanced.ru"; classtype:web-application-activity; sid:300000177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mistvideo.ru"; classtype:web-application-activity; sid:300000179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1crater.xyz"; classtype:web-application-activity; sid:300000180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1mountain.xyz"; classtype:web-application-activity; sid:300000181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1planet.xyz"; classtype:web-application-activity; sid:300000182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sea.xyz"; classtype:web-application-activity; sid:300000183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sky.xyz"; classtype:web-application-activity; sid:300000184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7volcano.xyz"; classtype:web-application-activity; sid:300000185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiacrater.xyz"; classtype:web-application-activity; sid:300000186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaocean.xyz"; classtype:web-application-activity; sid:300000187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaplanet.xyz"; classtype:web-application-activity; sid:300000188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiastar.xyz"; classtype:web-application-activity; sid:300000189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiavolcano.xyz"; classtype:web-application-activity; sid:300000190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobyfox.shop"; classtype:web-application-activity; sid:300000191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"makingbettermoney.co"; classtype:web-application-activity; sid:300000175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketloans.net"; classtype:web-application-activity; sid:300000176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mazestation.games"; classtype:web-application-activity; sid:300000177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaadvanced.ru"; classtype:web-application-activity; sid:300000178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mistvideo.ru"; classtype:web-application-activity; sid:300000180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1crater.xyz"; classtype:web-application-activity; sid:300000181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1mountain.xyz"; classtype:web-application-activity; sid:300000182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1planet.xyz"; classtype:web-application-activity; sid:300000183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sea.xyz"; classtype:web-application-activity; sid:300000184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sky.xyz"; classtype:web-application-activity; sid:300000185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7volcano.xyz"; classtype:web-application-activity; sid:300000186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiacrater.xyz"; classtype:web-application-activity; sid:300000187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaocean.xyz"; classtype:web-application-activity; sid:300000188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaplanet.xyz"; classtype:web-application-activity; sid:300000189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiastar.xyz"; classtype:web-application-activity; sid:300000190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiavolcano.xyz"; classtype:web-application-activity; sid:300000191; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mybesthealthplan.org"; classtype:web-application-activity; sid:300000192; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000193; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"news-daluku.cc"; classtype:web-application-activity; sid:300000194; rev:1;)

dist/pup-filter-unbound.conf

@@ -1,13 +1,12 @@
 # Title: PUP Domains Unbound Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 local-zone: "aikoo.club" always_nxdomain
 local-zone: "am-harder-stock-corn.xyz" always_nxdomain
-local-zone: "amobil.online" always_nxdomain
 local-zone: "android-browser.live" always_nxdomain
 local-zone: "android-web.live" always_nxdomain
 local-zone: "aphicus.xyz" always_nxdomain
@@ -30,6 +29,7 @@ local-zone: "bluetiger.cloud" always_nxdomain
 local-zone: "boot-upheavily-bestquickfile.best" always_nxdomain
 local-zone: "boot-upheavily-bestsophisticatedfile.best" always_nxdomain
 local-zone: "boot-upsophisticated-bestoverlyfile.best" always_nxdomain
+local-zone: "brightlifestyle.org" always_nxdomain
 local-zone: "cautelous132.xyz" always_nxdomain
 local-zone: "center-plains.xyz" always_nxdomain
 local-zone: "center-planet.xyz" always_nxdomain
@@ -69,7 +69,6 @@ local-zone: "darkview.org" always_nxdomain
 local-zone: "dayinlife.net" always_nxdomain
 local-zone: "dealsify.net" always_nxdomain
 local-zone: "deepapp.click" always_nxdomain
-local-zone: "downansurface.top" always_nxdomain
 local-zone: "efladn.club" always_nxdomain
 local-zone: "elpelades.club" always_nxdomain
 local-zone: "enjoy-asteroid.xyz" always_nxdomain
@@ -89,6 +88,7 @@ local-zone: "enjoyasky.xyz" always_nxdomain
 local-zone: "enjoyastar.xyz" always_nxdomain
 local-zone: "enjoyavolcano.xyz" always_nxdomain
 local-zone: "euronordvpn.com" always_nxdomain
+local-zone: "evaing.live" always_nxdomain
 local-zone: "expatriates.pk" always_nxdomain
 local-zone: "exploreshops.net" always_nxdomain
 local-zone: "fastfactsonline.co" always_nxdomain
@@ -179,6 +179,7 @@ local-zone: "loveorfun.cc" always_nxdomain
 local-zone: "lubbockeda.org" always_nxdomain
 local-zone: "lucky-worldwide-prize-random.rest" always_nxdomain
 local-zone: "luckyworldwideprizerandom.rest" always_nxdomain
+local-zone: "makingbettermoney.co" always_nxdomain
 local-zone: "marketloans.net" always_nxdomain
 local-zone: "mazestation.games" always_nxdomain
 local-zone: "mediaadvanced.ru" always_nxdomain
@@ -195,7 +196,6 @@ local-zone: "mobiaocean.xyz" always_nxdomain
 local-zone: "mobiaplanet.xyz" always_nxdomain
 local-zone: "mobiastar.xyz" always_nxdomain
 local-zone: "mobiavolcano.xyz" always_nxdomain
-local-zone: "mobyfox.shop" always_nxdomain
 local-zone: "mybesthealthplan.org" always_nxdomain
 local-zone: "nettrafficpartners.net" always_nxdomain
 local-zone: "news-daluku.cc" always_nxdomain

dist/pup-filter-vivaldi.txt

@@ -1,13 +1,12 @@
 ! Title: PUP Domains Blocklist (Vivaldi)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 11 Dec 2021 12:02:31 +0000
+! Updated: Sun, 12 Dec 2021 00:02:44 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
 ! Source: https://github.com/zhouhanc/malware-discoverer
 ||aikoo.club$document
 ||am-harder-stock-corn.xyz$document
-||amobil.online$document
 ||android-browser.live$document
 ||android-web.live$document
 ||aphicus.xyz$document
@@ -30,6 +29,7 @@
 ||boot-upheavily-bestquickfile.best$document
 ||boot-upheavily-bestsophisticatedfile.best$document
 ||boot-upsophisticated-bestoverlyfile.best$document
+||brightlifestyle.org$document
 ||cautelous132.xyz$document
 ||center-plains.xyz$document
 ||center-planet.xyz$document
@@ -69,7 +69,6 @@
 ||dayinlife.net$document
 ||dealsify.net$document
 ||deepapp.click$document
-||downansurface.top$document
 ||efladn.club$document
 ||elpelades.club$document
 ||enjoy-asteroid.xyz$document
@@ -89,6 +88,7 @@
 ||enjoyastar.xyz$document
 ||enjoyavolcano.xyz$document
 ||euronordvpn.com$document
+||evaing.live$document
 ||expatriates.pk$document
 ||exploreshops.net$document
 ||fastfactsonline.co$document
@@ -179,6 +179,7 @@
 ||lubbockeda.org$document
 ||lucky-worldwide-prize-random.rest$document
 ||luckyworldwideprizerandom.rest$document
+||makingbettermoney.co$document
 ||marketloans.net$document
 ||mazestation.games$document
 ||mediaadvanced.ru$document
@@ -195,7 +196,6 @@
 ||mobiaplanet.xyz$document
 ||mobiastar.xyz$document
 ||mobiavolcano.xyz$document
-||mobyfox.shop$document
 ||mybesthealthplan.org$document
 ||nettrafficpartners.net$document
 ||news-daluku.cc$document

dist/pup-filter.tpl

@@ -1,7 +1,7 @@
 msFilterList
 # Title: PUP Hosts Blocklist (IE)
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Sat, 11 Dec 2021 12:02:31 +0000
+# Updated: Sun, 12 Dec 2021 00:02:44 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@@ -10,7 +10,6 @@ msFilterList
 #
 -d aikoo.club
 -d am-harder-stock-corn.xyz
--d amobil.online
 -d android-browser.live
 -d android-web.live
 -d aphicus.xyz
@@ -33,6 +32,7 @@ msFilterList
 -d boot-upheavily-bestquickfile.best
 -d boot-upheavily-bestsophisticatedfile.best
 -d boot-upsophisticated-bestoverlyfile.best
+-d brightlifestyle.org
 -d cautelous132.xyz
 -d center-plains.xyz
 -d center-planet.xyz
@@ -72,7 +72,6 @@ msFilterList
 -d dayinlife.net
 -d dealsify.net
 -d deepapp.click
--d downansurface.top
 -d efladn.club
 -d elpelades.club
 -d enjoy-asteroid.xyz
@@ -92,6 +91,7 @@ msFilterList
 -d enjoyastar.xyz
 -d enjoyavolcano.xyz
 -d euronordvpn.com
+-d evaing.live
 -d expatriates.pk
 -d exploreshops.net
 -d fastfactsonline.co
@@ -182,6 +182,7 @@ msFilterList
 -d lubbockeda.org
 -d lucky-worldwide-prize-random.rest
 -d luckyworldwideprizerandom.rest
+-d makingbettermoney.co
 -d marketloans.net
 -d mazestation.games
 -d mediaadvanced.ru
@@ -198,7 +199,6 @@ msFilterList
 -d mobiaplanet.xyz
 -d mobiastar.xyz
 -d mobiavolcano.xyz
--d mobyfox.shop
 -d mybesthealthplan.org
 -d nettrafficpartners.net
 -d news-daluku.cc

dist/pup-filter.txt

@@ -1,13 +1,12 @@
 ! Title: PUP Domains Blocklist
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Sat, 11 Dec 2021 12:02:31 +0000
+! Updated: Sun, 12 Dec 2021 00:02:44 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
 ! Source: https://github.com/zhouhanc/malware-discoverer
 aikoo.club
 am-harder-stock-corn.xyz
-amobil.online
 android-browser.live
 android-web.live
 aphicus.xyz
@@ -30,6 +29,7 @@ bluetiger.cloud
 boot-upheavily-bestquickfile.best
 boot-upheavily-bestsophisticatedfile.best
 boot-upsophisticated-bestoverlyfile.best
+brightlifestyle.org
 cautelous132.xyz
 center-plains.xyz
 center-planet.xyz
@@ -69,7 +69,6 @@ darkview.org
 dayinlife.net
 dealsify.net
 deepapp.click
-downansurface.top
 efladn.club
 elpelades.club
 enjoy-asteroid.xyz
@@ -89,6 +88,7 @@ enjoyasky.xyz
 enjoyastar.xyz
 enjoyavolcano.xyz
 euronordvpn.com
+evaing.live
 expatriates.pk
 exploreshops.net
 fastfactsonline.co
@@ -179,6 +179,7 @@ loveorfun.cc
 lubbockeda.org
 lucky-worldwide-prize-random.rest
 luckyworldwideprizerandom.rest
+makingbettermoney.co
 marketloans.net
 mazestation.games
 mediaadvanced.ru
@@ -195,7 +196,6 @@ mobiaocean.xyz
 mobiaplanet.xyz
 mobiastar.xyz
 mobiavolcano.xyz
-mobyfox.shop
 mybesthealthplan.org
 nettrafficpartners.net
 news-daluku.cc