curben
/
pup-filter
mirror of https://gitlab.com/malware-filter/pup-filter.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter updated: Thu, 18 Nov 2021 12:02:59 +0000

This commit is contained in:
curben-bot 2021-11-18 12:02:59 +00:00
parent b5c6216a2f
commit 75d91e228f
15 changed files with 190 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dist/pup-filter-ag.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 18 Nov 2021 00:03:01 +0000
! Updated: Thu, 18 Nov 2021 12:02:59 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
||4upgradingstablesafe.work$all
||adslauchgo.xyz$all
||aikoo.club$all
||app-track.club$all
||appsto.cloud$all
||appzfirer.biz$all
||arre.work$all
@ -62,6 +61,7 @@
||curfiositystream.com$all
||curiositydstream.com$all
||curuiositystream.com$all
||dailyrep.net$all
||darkview.org$all
||dayinlife.net$all
||discoveryfeed.org$all

4
dist/pup-filter-agh.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard Home)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 18 Nov 2021 00:03:01 +0000
! Updated: Thu, 18 Nov 2021 12:02:59 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
||4upgradingstablesafe.work^
||adslauchgo.xyz^
||aikoo.club^
||app-track.club^
||appsto.cloud^
||appzfirer.biz^
||arre.work^
@ -62,6 +61,7 @@
||curfiositystream.com^
||curiositydstream.com^
||curuiositystream.com^
||dailyrep.net^
||darkview.org^
||dayinlife.net^
||discoveryfeed.org^

4
dist/pup-filter-bind.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains BIND Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
zone "4upgradingstablesafe.work" { type master; notify no; file "null.zone.file"; };
zone "adslauchgo.xyz" { type master; notify no; file "null.zone.file"; };
zone "aikoo.club" { type master; notify no; file "null.zone.file"; };
zone "app-track.club" { type master; notify no; file "null.zone.file"; };
zone "appsto.cloud" { type master; notify no; file "null.zone.file"; };
zone "appzfirer.biz" { type master; notify no; file "null.zone.file"; };
zone "arre.work" { type master; notify no; file "null.zone.file"; };
@ -62,6 +61,7 @@ zone "crowdweightyellow.top" { type master; notify no; file "null.zone.file"; };
zone "curfiositystream.com" { type master; notify no; file "null.zone.file"; };
zone "curiositydstream.com" { type master; notify no; file "null.zone.file"; };
zone "curuiositystream.com" { type master; notify no; file "null.zone.file"; };
zone "dailyrep.net" { type master; notify no; file "null.zone.file"; };
zone "darkview.org" { type master; notify no; file "null.zone.file"; };
zone "dayinlife.net" { type master; notify no; file "null.zone.file"; };
zone "discoveryfeed.org" { type master; notify no; file "null.zone.file"; };

4
dist/pup-filter-dnscrypt-blocked-names.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Names Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
4upgradingstablesafe.work
adslauchgo.xyz
aikoo.club
app-track.club
appsto.cloud
appzfirer.biz
arre.work
@ -62,6 +61,7 @@ crowdweightyellow.top
curfiositystream.com
curiositydstream.com
curuiositystream.com
dailyrep.net
darkview.org
dayinlife.net
discoveryfeed.org

4
dist/pup-filter-dnsmasq.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains dnsmasq Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
address=/4upgradingstablesafe.work/0.0.0.0
address=/adslauchgo.xyz/0.0.0.0
address=/aikoo.club/0.0.0.0
address=/app-track.club/0.0.0.0
address=/appsto.cloud/0.0.0.0
address=/appzfirer.biz/0.0.0.0
address=/arre.work/0.0.0.0
@ -62,6 +61,7 @@ address=/crowdweightyellow.top/0.0.0.0
address=/curfiositystream.com/0.0.0.0
address=/curiositydstream.com/0.0.0.0
address=/curuiositystream.com/0.0.0.0
address=/dailyrep.net/0.0.0.0
address=/darkview.org/0.0.0.0
address=/dayinlife.net/0.0.0.0
address=/discoveryfeed.org/0.0.0.0

4
dist/pup-filter-domains.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
4upgradingstablesafe.work
adslauchgo.xyz
aikoo.club
app-track.club
appsto.cloud
appzfirer.biz
arre.work
@ -62,6 +61,7 @@ crowdweightyellow.top
curfiositystream.com
curiositydstream.com
curuiositystream.com
dailyrep.net
darkview.org
dayinlife.net
discoveryfeed.org

4
dist/pup-filter-hosts.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Hosts Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
0.0.0.0 4upgradingstablesafe.work
0.0.0.0 adslauchgo.xyz
0.0.0.0 aikoo.club
0.0.0.0 app-track.club
0.0.0.0 appsto.cloud
0.0.0.0 appzfirer.biz
0.0.0.0 arre.work
@ -62,6 +61,7 @@
0.0.0.0 curfiositystream.com
0.0.0.0 curiositydstream.com
0.0.0.0 curuiositystream.com
0.0.0.0 dailyrep.net
0.0.0.0 darkview.org
0.0.0.0 dayinlife.net
0.0.0.0 discoveryfeed.org

6
dist/pup-filter-rpz.conf vendored
View File

@ -1,19 +1,18 @@
; Title: PUP Domains RPZ Blocklist
; Description: Block domains that host potentially unwanted programs (PUP)
; Updated: Thu, 18 Nov 2021 00:03:01 +0000
; Updated: Thu, 18 Nov 2021 12:02:59 +0000
; Expires: 1 day (update frequency)
; Homepage: https://gitlab.com/curben/pup-filter
; License: https://gitlab.com/curben/pup-filter#license
; Source: https://github.com/zhouhanc/malware-discoverer
$TTL 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1637193781 86400 3600 604800 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1637236979 86400 3600 604800 30
NS localhost.
4upgradingstablesafe.work CNAME .
adslauchgo.xyz CNAME .
aikoo.club CNAME .
app-track.club CNAME .
appsto.cloud CNAME .
appzfirer.biz CNAME .
arre.work CNAME .
@ -67,6 +66,7 @@ crowdweightyellow.top CNAME .
curfiositystream.com CNAME .
curiositydstream.com CNAME .
curuiositystream.com CNAME .
dailyrep.net CNAME .
darkview.org CNAME .
dayinlife.net CNAME .
discoveryfeed.org CNAME .

110
dist/pup-filter-snort2.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort2 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,60 +8,60 @@
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"4upgradingstablesafe.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"adslauchgo.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"app-track.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atwater.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beautinow.nl"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upfree-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-uprenewed-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upuber-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"brightlifestyle.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000029; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000030; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000031; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000032; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000033; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000034; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000035; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000036; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeracoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000037; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeramountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000038; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centerastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeravolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chatverse.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkstableaupdatinglinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chipovysta.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimrewards.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"coatofarms.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connecttheupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"craftstash.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crowdweightyellow.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curfiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000055; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curiositydstream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000056; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curuiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000057; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atwater.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beautinow.nl"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upfree-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-uprenewed-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upuber-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"brightlifestyle.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000029; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000030; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000031; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000032; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000033; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000034; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000035; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeracoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000036; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeramountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000037; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centerastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000038; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeravolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chatverse.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkstableaupdatinglinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chipovysta.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimrewards.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"coatofarms.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connecttheupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"craftstash.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crowdweightyellow.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curfiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curiositydstream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000055; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"curuiositystream.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000056; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyrep.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000057; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"darkview.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000058; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dayinlife.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000059; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"discoveryfeed.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000060; rev:1;)

110
dist/pup-filter-snort3.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort3 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,60 +8,60 @@
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"4upgradingstablesafe.work",nocase; classtype:web-application-activity; sid:300000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"adslauchgo.xyz",nocase; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"app-track.club",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atwater.org",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beautinow.nl",nocase; classtype:web-application-activity; sid:300000016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upfree-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-uprenewed-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upuber-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"brightlifestyle.org",nocase; classtype:web-application-activity; sid:300000027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-planet.xyz",nocase; classtype:web-application-activity; sid:300000029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1plains.xyz",nocase; classtype:web-application-activity; sid:300000030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1sky.xyz",nocase; classtype:web-application-activity; sid:300000031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1star.xyz",nocase; classtype:web-application-activity; sid:300000032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7mountain.xyz",nocase; classtype:web-application-activity; sid:300000033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7ocean.xyz",nocase; classtype:web-application-activity; sid:300000034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7planet.xyz",nocase; classtype:web-application-activity; sid:300000035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7sky.xyz",nocase; classtype:web-application-activity; sid:300000036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeracoast.xyz",nocase; classtype:web-application-activity; sid:300000037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeramountain.xyz",nocase; classtype:web-application-activity; sid:300000038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centerastar.xyz",nocase; classtype:web-application-activity; sid:300000039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeravolcano.xyz",nocase; classtype:web-application-activity; sid:300000040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chatverse.net",nocase; classtype:web-application-activity; sid:300000041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"checkstableaupdatinglinks.work",nocase; classtype:web-application-activity; sid:300000042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chipovysta.pro",nocase; classtype:web-application-activity; sid:300000043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"claimrewards.rest",nocase; classtype:web-application-activity; sid:300000044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"coatofarms.nyc",nocase; classtype:web-application-activity; sid:300000045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connecttheupgradingurls.work",nocase; classtype:web-application-activity; sid:300000046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"craftstash.us",nocase; classtype:web-application-activity; sid:300000051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crowdweightyellow.top",nocase; classtype:web-application-activity; sid:300000054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curfiositystream.com",nocase; classtype:web-application-activity; sid:300000055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curiositydstream.com",nocase; classtype:web-application-activity; sid:300000056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curuiositystream.com",nocase; classtype:web-application-activity; sid:300000057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atwater.org",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beautinow.nl",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upfree-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-uprenewed-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upuber-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"brightlifestyle.org",nocase; classtype:web-application-activity; sid:300000026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-planet.xyz",nocase; classtype:web-application-activity; sid:300000028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1plains.xyz",nocase; classtype:web-application-activity; sid:300000029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1sky.xyz",nocase; classtype:web-application-activity; sid:300000030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1star.xyz",nocase; classtype:web-application-activity; sid:300000031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7mountain.xyz",nocase; classtype:web-application-activity; sid:300000032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7ocean.xyz",nocase; classtype:web-application-activity; sid:300000033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7planet.xyz",nocase; classtype:web-application-activity; sid:300000034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7sky.xyz",nocase; classtype:web-application-activity; sid:300000035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeracoast.xyz",nocase; classtype:web-application-activity; sid:300000036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeramountain.xyz",nocase; classtype:web-application-activity; sid:300000037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centerastar.xyz",nocase; classtype:web-application-activity; sid:300000038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeravolcano.xyz",nocase; classtype:web-application-activity; sid:300000039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chatverse.net",nocase; classtype:web-application-activity; sid:300000040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"checkstableaupdatinglinks.work",nocase; classtype:web-application-activity; sid:300000041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chipovysta.pro",nocase; classtype:web-application-activity; sid:300000042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"claimrewards.rest",nocase; classtype:web-application-activity; sid:300000043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"coatofarms.nyc",nocase; classtype:web-application-activity; sid:300000044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connecttheupgradingurls.work",nocase; classtype:web-application-activity; sid:300000045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"craftstash.us",nocase; classtype:web-application-activity; sid:300000050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crowdweightyellow.top",nocase; classtype:web-application-activity; sid:300000053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curfiositystream.com",nocase; classtype:web-application-activity; sid:300000054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curiositydstream.com",nocase; classtype:web-application-activity; sid:300000055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"curuiositystream.com",nocase; classtype:web-application-activity; sid:300000056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyrep.net",nocase; classtype:web-application-activity; sid:300000057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"darkview.org",nocase; classtype:web-application-activity; sid:300000058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dayinlife.net",nocase; classtype:web-application-activity; sid:300000059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"discoveryfeed.org",nocase; classtype:web-application-activity; sid:300000060; rev:1;)

110
dist/pup-filter-suricata.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Suricata Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,60 +8,60 @@
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4upgradingstablesafe.work"; classtype:web-application-activity; sid:300000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adslauchgo.xyz"; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"app-track.club"; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atwater.org"; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beautinow.nl"; classtype:web-application-activity; sid:300000016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upfree-bestuberfile.best"; classtype:web-application-activity; sid:300000021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-uprenewed-bestuberfile.best"; classtype:web-application-activity; sid:300000024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upuber-bestfreefile.best"; classtype:web-application-activity; sid:300000026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightlifestyle.org"; classtype:web-application-activity; sid:300000027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-planet.xyz"; classtype:web-application-activity; sid:300000029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1plains.xyz"; classtype:web-application-activity; sid:300000030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1sky.xyz"; classtype:web-application-activity; sid:300000031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1star.xyz"; classtype:web-application-activity; sid:300000032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7mountain.xyz"; classtype:web-application-activity; sid:300000033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7ocean.xyz"; classtype:web-application-activity; sid:300000034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7planet.xyz"; classtype:web-application-activity; sid:300000035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7sky.xyz"; classtype:web-application-activity; sid:300000036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeracoast.xyz"; classtype:web-application-activity; sid:300000037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeramountain.xyz"; classtype:web-application-activity; sid:300000038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centerastar.xyz"; classtype:web-application-activity; sid:300000039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeravolcano.xyz"; classtype:web-application-activity; sid:300000040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chatverse.net"; classtype:web-application-activity; sid:300000041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkstableaupdatinglinks.work"; classtype:web-application-activity; sid:300000042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chipovysta.pro"; classtype:web-application-activity; sid:300000043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimrewards.rest"; classtype:web-application-activity; sid:300000044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coatofarms.nyc"; classtype:web-application-activity; sid:300000045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connecttheupgradingurls.work"; classtype:web-application-activity; sid:300000046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"craftstash.us"; classtype:web-application-activity; sid:300000051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crowdweightyellow.top"; classtype:web-application-activity; sid:300000054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curfiositystream.com"; classtype:web-application-activity; sid:300000055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curiositydstream.com"; classtype:web-application-activity; sid:300000056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curuiositystream.com"; classtype:web-application-activity; sid:300000057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atwater.org"; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beautinow.nl"; classtype:web-application-activity; sid:300000015; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000016; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000017; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000018; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000019; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upfree-bestuberfile.best"; classtype:web-application-activity; sid:300000020; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000021; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000022; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-uprenewed-bestuberfile.best"; classtype:web-application-activity; sid:300000023; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000024; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upuber-bestfreefile.best"; classtype:web-application-activity; sid:300000025; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightlifestyle.org"; classtype:web-application-activity; sid:300000026; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000027; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-planet.xyz"; classtype:web-application-activity; sid:300000028; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1plains.xyz"; classtype:web-application-activity; sid:300000029; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1sky.xyz"; classtype:web-application-activity; sid:300000030; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1star.xyz"; classtype:web-application-activity; sid:300000031; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7mountain.xyz"; classtype:web-application-activity; sid:300000032; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7ocean.xyz"; classtype:web-application-activity; sid:300000033; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7planet.xyz"; classtype:web-application-activity; sid:300000034; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7sky.xyz"; classtype:web-application-activity; sid:300000035; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeracoast.xyz"; classtype:web-application-activity; sid:300000036; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeramountain.xyz"; classtype:web-application-activity; sid:300000037; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centerastar.xyz"; classtype:web-application-activity; sid:300000038; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeravolcano.xyz"; classtype:web-application-activity; sid:300000039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chatverse.net"; classtype:web-application-activity; sid:300000040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkstableaupdatinglinks.work"; classtype:web-application-activity; sid:300000041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chipovysta.pro"; classtype:web-application-activity; sid:300000042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimrewards.rest"; classtype:web-application-activity; sid:300000043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coatofarms.nyc"; classtype:web-application-activity; sid:300000044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connecttheupgradingurls.work"; classtype:web-application-activity; sid:300000045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"craftstash.us"; classtype:web-application-activity; sid:300000050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crowdweightyellow.top"; classtype:web-application-activity; sid:300000053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curfiositystream.com"; classtype:web-application-activity; sid:300000054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curiositydstream.com"; classtype:web-application-activity; sid:300000055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curuiositystream.com"; classtype:web-application-activity; sid:300000056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyrep.net"; classtype:web-application-activity; sid:300000057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"darkview.org"; classtype:web-application-activity; sid:300000058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dayinlife.net"; classtype:web-application-activity; sid:300000059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"discoveryfeed.org"; classtype:web-application-activity; sid:300000060; rev:1;)

4
dist/pup-filter-unbound.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Unbound Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
local-zone: "4upgradingstablesafe.work" always_nxdomain
local-zone: "adslauchgo.xyz" always_nxdomain
local-zone: "aikoo.club" always_nxdomain
local-zone: "app-track.club" always_nxdomain
local-zone: "appsto.cloud" always_nxdomain
local-zone: "appzfirer.biz" always_nxdomain
local-zone: "arre.work" always_nxdomain
@ -62,6 +61,7 @@ local-zone: "crowdweightyellow.top" always_nxdomain
local-zone: "curfiositystream.com" always_nxdomain
local-zone: "curiositydstream.com" always_nxdomain
local-zone: "curuiositystream.com" always_nxdomain
local-zone: "dailyrep.net" always_nxdomain
local-zone: "darkview.org" always_nxdomain
local-zone: "dayinlife.net" always_nxdomain
local-zone: "discoveryfeed.org" always_nxdomain

4
dist/pup-filter-vivaldi.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (Vivaldi)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 18 Nov 2021 00:03:01 +0000
! Updated: Thu, 18 Nov 2021 12:02:59 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
||4upgradingstablesafe.work$document
||adslauchgo.xyz$document
||aikoo.club$document
||app-track.club$document
||appsto.cloud$document
||appzfirer.biz$document
||arre.work$document
@ -62,6 +61,7 @@
||curfiositystream.com$document
||curiositydstream.com$document
||curuiositystream.com$document
||dailyrep.net$document
||darkview.org$document
||dayinlife.net$document
||discoveryfeed.org$document

4
dist/pup-filter.tpl vendored
View File

@ -1,7 +1,7 @@
msFilterList
# Title: PUP Hosts Blocklist (IE)
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 18 Nov 2021 00:03:01 +0000
# Updated: Thu, 18 Nov 2021 12:02:59 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -11,7 +11,6 @@ msFilterList
-d 4upgradingstablesafe.work
-d adslauchgo.xyz
-d aikoo.club
-d app-track.club
-d appsto.cloud
-d appzfirer.biz
-d arre.work
@ -65,6 +64,7 @@ msFilterList
-d curfiositystream.com
-d curiositydstream.com
-d curuiositystream.com
-d dailyrep.net
-d darkview.org
-d dayinlife.net
-d discoveryfeed.org

4
dist/pup-filter.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 18 Nov 2021 00:03:01 +0000
! Updated: Thu, 18 Nov 2021 12:02:59 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -8,7 +8,6 @@
4upgradingstablesafe.work
adslauchgo.xyz
aikoo.club
app-track.club
appsto.cloud
appzfirer.biz
arre.work
@ -62,6 +61,7 @@ crowdweightyellow.top
curfiositystream.com
curiositydstream.com
curuiositystream.com
dailyrep.net
darkview.org
dayinlife.net
discoveryfeed.org