From 8ea2515c249d4693a0100b52ad114d0f32b5f50f Mon Sep 17 00:00:00 2001 From: curben-bot <3048979-curben-bot@users.noreply.gitlab.com> Date: Fri, 12 Nov 2021 00:02:55 +0000 Subject: [PATCH] Filter updated: Fri, 12 Nov 2021 00:02:55 +0000 --- dist/pup-filter-ag.txt | 23 +- dist/pup-filter-agh.txt | 23 +- dist/pup-filter-bind.conf | 23 +- dist/pup-filter-dnscrypt-blocked-names.txt | 23 +- dist/pup-filter-dnsmasq.conf | 23 +- dist/pup-filter-domains.txt | 23 +- dist/pup-filter-hosts.txt | 23 +- dist/pup-filter-rpz.conf | 25 +- dist/pup-filter-snort2.rules | 689 ++++++++++----------- dist/pup-filter-snort3.rules | 689 ++++++++++----------- dist/pup-filter-suricata.rules | 689 ++++++++++----------- dist/pup-filter-unbound.conf | 23 +- dist/pup-filter-vivaldi.txt | 23 +- dist/pup-filter.tpl | 23 +- dist/pup-filter.txt | 23 +- 15 files changed, 1120 insertions(+), 1225 deletions(-) diff --git a/dist/pup-filter-ag.txt b/dist/pup-filter-ag.txt index 69aa9ca..e8bd6f9 100644 --- a/dist/pup-filter-ag.txt +++ b/dist/pup-filter-ag.txt @@ -1,12 +1,13 @@ ! Title: PUP Domains Blocklist (AdGuard) ! Description: Block domains that host potentially unwanted programs (PUP) -! Updated: Thu, 11 Nov 2021 12:03:21 +0000 +! Updated: Fri, 12 Nov 2021 00:02:54 +0000 ! Expires: 1 day (update frequency) ! Homepage: https://gitlab.com/curben/pup-filter ! License: https://gitlab.com/curben/pup-filter#license ! Source: https://github.com/zhouhanc/malware-discoverer ||2021travel.net$all ||4upgradingstablesafe.work$all +||abcscience.xyz$all ||adslauchgo.xyz$all ||affiliateland.io$all ||aikoo.club$all @@ -58,7 +59,6 @@ ||contentamigo.ru$all ||contentarea.ru$all ||country-news.live$all -||craftstash.us$all ||crazyprize.buzz$all ||credit-monitoring-360.xyz$all ||crowdweightyellow.top$all @@ -94,6 +94,7 @@ ||fastwebb.xyz$all ||findaupgradingurls.work$all ||finditquick.online$all +||finreporter.net$all ||fireapps.cloud$all ||flash-rewards.info$all ||funanime.me$all @@ -115,7 +116,6 @@ ||huge2upgradescentral.work$all ||humansystemsecurity.top$all ||imagefind.org$all -||incing-marganic.icu$all ||initiatecompletelyprecisethefile.vip$all ||initiatecompletelyprogressivethefile.vip$all ||initiatecompletelyspeedythefile.vip$all @@ -143,10 +143,8 @@ ||juicydataage.ru$all ||juicydataair.ru$all ||juicydataalt.ru$all -||junemedia.bar$all ||junemedia.club$all ||junesmile.xyz$all -||keepinfit.net$all ||koalaautumna.xyz$all ||koalaautumnb.xyz$all ||koalaautumnc.xyz$all @@ -169,30 +167,24 @@ ||koalawinterc.xyz$all ||koalawinterd.xyz$all ||koalawintere.xyz$all +||kompsos.uk$all ||lackystack.net$all ||link4updatingcentral.work$all ||listenthisso.top$all ||lltrsknoob.click$all -||loadadvancedextremelythefile.vip$all -||loadextremelycurrentthefile.vip$all -||loadextremelyrecentthefile.vip$all ||loadfree-bestheavilyfile.best$all ||loadgreatlynewestthefile.vip$all ||loadgreatlyoriginalthefile.vip$all ||loadgreatlyprogressivethefile.vip$all ||loadgreatlyrenewedthefile.vip$all -||loadhighlyadvancedthefile.vip$all ||loadintenselyquickthefile.vip$all ||loadintenselyspeedythefile.vip$all ||loadintenselystrongthefile.vip$all ||loadintenselyswiftthefile.vip$all -||loadnewestextremelythefile.vip$all ||loadnewestgreatlythefile.vip$all -||loadoriginalextremelythefile.vip$all ||loadoriginalgreatlythefile.vip$all ||loadpreciseintenselythefile.vip$all ||loadprogressivegreatlythefile.vip$all -||loadrecentextremelythefile.vip$all ||loadrenewedgreatlythefile.vip$all ||loadstrongintenselythefile.vip$all ||loadswiftintenselythefile.vip$all @@ -292,6 +284,7 @@ ||rancy.xyz$all ||real-buy.net$all ||rewardgivingrealspecialoffer.cyou$all +||richsurvey.live$all ||runadvanced-bestgreatlyfile.best$all ||rungreatly-bestadvancedfile.best$all ||safeguide.net$all @@ -308,7 +301,6 @@ ||shopin.nyc$all ||shopnsave.world$all ||smartideas.pro$all -||software-dealz.de$all ||sonic-ocean.xyz$all ||sonic-plains.xyz$all ||sonic1asteroid.xyz$all @@ -361,13 +353,13 @@ ||theirproviderock.top$all ||thelastpicture.show$all ||timefornews.online$all -||timeoffers.net$all ||top-offers2.club$all ||topdating.online$all ||tracking-landers.xyz$all ||trotineo.fr$all ||truecompassion.net$all ||updatefix.xyz$all +||updateview.tech$all ||upplaysite.xyz$all ||usepro.me$all ||useprovpn.me$all @@ -390,6 +382,7 @@ ||viralsharks.net$all ||vpn-pro.club$all ||vpnsecurity.me$all +||wallda.site$all ||watchextremely-bestsophisticatedfile.best$all ||watchprogressive-bestmostfile.best$all ||watchquick-bestheavilyfile.best$all @@ -409,10 +402,10 @@ ||westastar.xyz$all ||winnerz.icu$all ||worldwideofficialpromotion.cyou$all -||your-magazine.me$all ||yourlegendarysystemsupgrade.work$all ||yourlinkplaceupdatingfree.work$all ||yourluckytoday.club$all ||yourmoneymachine.cc$all ||yoursafestgreatplaceupdates.work$all +||zalando-prive.es$all ||zeusmedia.info$all diff --git a/dist/pup-filter-agh.txt b/dist/pup-filter-agh.txt index 9292b12..d4c046c 100644 --- a/dist/pup-filter-agh.txt +++ b/dist/pup-filter-agh.txt @@ -1,12 +1,13 @@ ! Title: PUP Domains Blocklist (AdGuard Home) ! Description: Block domains that host potentially unwanted programs (PUP) -! Updated: Thu, 11 Nov 2021 12:03:21 +0000 +! Updated: Fri, 12 Nov 2021 00:02:54 +0000 ! Expires: 1 day (update frequency) ! Homepage: https://gitlab.com/curben/pup-filter ! License: https://gitlab.com/curben/pup-filter#license ! Source: https://github.com/zhouhanc/malware-discoverer ||2021travel.net^ ||4upgradingstablesafe.work^ +||abcscience.xyz^ ||adslauchgo.xyz^ ||affiliateland.io^ ||aikoo.club^ @@ -58,7 +59,6 @@ ||contentamigo.ru^ ||contentarea.ru^ ||country-news.live^ -||craftstash.us^ ||crazyprize.buzz^ ||credit-monitoring-360.xyz^ ||crowdweightyellow.top^ @@ -94,6 +94,7 @@ ||fastwebb.xyz^ ||findaupgradingurls.work^ ||finditquick.online^ +||finreporter.net^ ||fireapps.cloud^ ||flash-rewards.info^ ||funanime.me^ @@ -115,7 +116,6 @@ ||huge2upgradescentral.work^ ||humansystemsecurity.top^ ||imagefind.org^ -||incing-marganic.icu^ ||initiatecompletelyprecisethefile.vip^ ||initiatecompletelyprogressivethefile.vip^ ||initiatecompletelyspeedythefile.vip^ @@ -143,10 +143,8 @@ ||juicydataage.ru^ ||juicydataair.ru^ ||juicydataalt.ru^ -||junemedia.bar^ ||junemedia.club^ ||junesmile.xyz^ -||keepinfit.net^ ||koalaautumna.xyz^ ||koalaautumnb.xyz^ ||koalaautumnc.xyz^ @@ -169,30 +167,24 @@ ||koalawinterc.xyz^ ||koalawinterd.xyz^ ||koalawintere.xyz^ +||kompsos.uk^ ||lackystack.net^ ||link4updatingcentral.work^ ||listenthisso.top^ ||lltrsknoob.click^ -||loadadvancedextremelythefile.vip^ -||loadextremelycurrentthefile.vip^ -||loadextremelyrecentthefile.vip^ ||loadfree-bestheavilyfile.best^ ||loadgreatlynewestthefile.vip^ ||loadgreatlyoriginalthefile.vip^ ||loadgreatlyprogressivethefile.vip^ ||loadgreatlyrenewedthefile.vip^ -||loadhighlyadvancedthefile.vip^ ||loadintenselyquickthefile.vip^ ||loadintenselyspeedythefile.vip^ ||loadintenselystrongthefile.vip^ ||loadintenselyswiftthefile.vip^ -||loadnewestextremelythefile.vip^ ||loadnewestgreatlythefile.vip^ -||loadoriginalextremelythefile.vip^ ||loadoriginalgreatlythefile.vip^ ||loadpreciseintenselythefile.vip^ ||loadprogressivegreatlythefile.vip^ -||loadrecentextremelythefile.vip^ ||loadrenewedgreatlythefile.vip^ ||loadstrongintenselythefile.vip^ ||loadswiftintenselythefile.vip^ @@ -292,6 +284,7 @@ ||rancy.xyz^ ||real-buy.net^ ||rewardgivingrealspecialoffer.cyou^ +||richsurvey.live^ ||runadvanced-bestgreatlyfile.best^ ||rungreatly-bestadvancedfile.best^ ||safeguide.net^ @@ -308,7 +301,6 @@ ||shopin.nyc^ ||shopnsave.world^ ||smartideas.pro^ -||software-dealz.de^ ||sonic-ocean.xyz^ ||sonic-plains.xyz^ ||sonic1asteroid.xyz^ @@ -361,13 +353,13 @@ ||theirproviderock.top^ ||thelastpicture.show^ ||timefornews.online^ -||timeoffers.net^ ||top-offers2.club^ ||topdating.online^ ||tracking-landers.xyz^ ||trotineo.fr^ ||truecompassion.net^ ||updatefix.xyz^ +||updateview.tech^ ||upplaysite.xyz^ ||usepro.me^ ||useprovpn.me^ @@ -390,6 +382,7 @@ ||viralsharks.net^ ||vpn-pro.club^ ||vpnsecurity.me^ +||wallda.site^ ||watchextremely-bestsophisticatedfile.best^ ||watchprogressive-bestmostfile.best^ ||watchquick-bestheavilyfile.best^ @@ -409,10 +402,10 @@ ||westastar.xyz^ ||winnerz.icu^ ||worldwideofficialpromotion.cyou^ -||your-magazine.me^ ||yourlegendarysystemsupgrade.work^ ||yourlinkplaceupdatingfree.work^ ||yourluckytoday.club^ ||yourmoneymachine.cc^ ||yoursafestgreatplaceupdates.work^ +||zalando-prive.es^ ||zeusmedia.info^ diff --git a/dist/pup-filter-bind.conf b/dist/pup-filter-bind.conf index c56a766..82479ae 100644 --- a/dist/pup-filter-bind.conf +++ b/dist/pup-filter-bind.conf @@ -1,12 +1,13 @@ # Title: PUP Domains BIND Blocklist # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer zone "2021travel.net" { type master; notify no; file "null.zone.file"; }; zone "4upgradingstablesafe.work" { type master; notify no; file "null.zone.file"; }; +zone "abcscience.xyz" { type master; notify no; file "null.zone.file"; }; zone "adslauchgo.xyz" { type master; notify no; file "null.zone.file"; }; zone "affiliateland.io" { type master; notify no; file "null.zone.file"; }; zone "aikoo.club" { type master; notify no; file "null.zone.file"; }; @@ -58,7 +59,6 @@ zone "consumerprotectioncybersecurity.org" { type master; notify no; file "null. zone "contentamigo.ru" { type master; notify no; file "null.zone.file"; }; zone "contentarea.ru" { type master; notify no; file "null.zone.file"; }; zone "country-news.live" { type master; notify no; file "null.zone.file"; }; -zone "craftstash.us" { type master; notify no; file "null.zone.file"; }; zone "crazyprize.buzz" { type master; notify no; file "null.zone.file"; }; zone "credit-monitoring-360.xyz" { type master; notify no; file "null.zone.file"; }; zone "crowdweightyellow.top" { type master; notify no; file "null.zone.file"; }; @@ -94,6 +94,7 @@ zone "fastspotb.xyz" { type master; notify no; file "null.zone.file"; }; zone "fastwebb.xyz" { type master; notify no; file "null.zone.file"; }; zone "findaupgradingurls.work" { type master; notify no; file "null.zone.file"; }; zone "finditquick.online" { type master; notify no; file "null.zone.file"; }; +zone "finreporter.net" { type master; notify no; file "null.zone.file"; }; zone "fireapps.cloud" { type master; notify no; file "null.zone.file"; }; zone "flash-rewards.info" { type master; notify no; file "null.zone.file"; }; zone "funanime.me" { type master; notify no; file "null.zone.file"; }; @@ -115,7 +116,6 @@ zone "hpages.net" { type master; notify no; file "null.zone.file"; }; zone "huge2upgradescentral.work" { type master; notify no; file "null.zone.file"; }; zone "humansystemsecurity.top" { type master; notify no; file "null.zone.file"; }; zone "imagefind.org" { type master; notify no; file "null.zone.file"; }; -zone "incing-marganic.icu" { type master; notify no; file "null.zone.file"; }; zone "initiatecompletelyprecisethefile.vip" { type master; notify no; file "null.zone.file"; }; zone "initiatecompletelyprogressivethefile.vip" { type master; notify no; file "null.zone.file"; }; zone "initiatecompletelyspeedythefile.vip" { type master; notify no; file "null.zone.file"; }; @@ -143,10 +143,8 @@ zone "juicydataadvance.ru" { type master; notify no; file "null.zone.file"; }; zone "juicydataage.ru" { type master; notify no; file "null.zone.file"; }; zone "juicydataair.ru" { type master; notify no; file "null.zone.file"; }; zone "juicydataalt.ru" { type master; notify no; file "null.zone.file"; }; -zone "junemedia.bar" { type master; notify no; file "null.zone.file"; }; zone "junemedia.club" { type master; notify no; file "null.zone.file"; }; zone "junesmile.xyz" { type master; notify no; file "null.zone.file"; }; -zone "keepinfit.net" { type master; notify no; file "null.zone.file"; }; zone "koalaautumna.xyz" { type master; notify no; file "null.zone.file"; }; zone "koalaautumnb.xyz" { type master; notify no; file "null.zone.file"; }; zone "koalaautumnc.xyz" { type master; notify no; file "null.zone.file"; }; @@ -169,30 +167,24 @@ zone "koalawinterb.xyz" { type master; notify no; file "null.zone.file"; }; zone "koalawinterc.xyz" { type master; notify no; file "null.zone.file"; }; zone "koalawinterd.xyz" { type master; notify no; file "null.zone.file"; }; zone "koalawintere.xyz" { type master; notify no; file "null.zone.file"; }; +zone "kompsos.uk" { type master; notify no; file "null.zone.file"; }; zone "lackystack.net" { type master; notify no; file "null.zone.file"; }; zone "link4updatingcentral.work" { type master; notify no; file "null.zone.file"; }; zone "listenthisso.top" { type master; notify no; file "null.zone.file"; }; zone "lltrsknoob.click" { type master; notify no; file "null.zone.file"; }; -zone "loadadvancedextremelythefile.vip" { type master; notify no; file "null.zone.file"; }; -zone "loadextremelycurrentthefile.vip" { type master; notify no; file "null.zone.file"; }; -zone "loadextremelyrecentthefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadfree-bestheavilyfile.best" { type master; notify no; file "null.zone.file"; }; zone "loadgreatlynewestthefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadgreatlyoriginalthefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadgreatlyprogressivethefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadgreatlyrenewedthefile.vip" { type master; notify no; file "null.zone.file"; }; -zone "loadhighlyadvancedthefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadintenselyquickthefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadintenselyspeedythefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadintenselystrongthefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadintenselyswiftthefile.vip" { type master; notify no; file "null.zone.file"; }; -zone "loadnewestextremelythefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadnewestgreatlythefile.vip" { type master; notify no; file "null.zone.file"; }; -zone "loadoriginalextremelythefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadoriginalgreatlythefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadpreciseintenselythefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadprogressivegreatlythefile.vip" { type master; notify no; file "null.zone.file"; }; -zone "loadrecentextremelythefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadrenewedgreatlythefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadstrongintenselythefile.vip" { type master; notify no; file "null.zone.file"; }; zone "loadswiftintenselythefile.vip" { type master; notify no; file "null.zone.file"; }; @@ -292,6 +284,7 @@ zone "quizshein.shop" { type master; notify no; file "null.zone.file"; }; zone "rancy.xyz" { type master; notify no; file "null.zone.file"; }; zone "real-buy.net" { type master; notify no; file "null.zone.file"; }; zone "rewardgivingrealspecialoffer.cyou" { type master; notify no; file "null.zone.file"; }; +zone "richsurvey.live" { type master; notify no; file "null.zone.file"; }; zone "runadvanced-bestgreatlyfile.best" { type master; notify no; file "null.zone.file"; }; zone "rungreatly-bestadvancedfile.best" { type master; notify no; file "null.zone.file"; }; zone "safeguide.net" { type master; notify no; file "null.zone.file"; }; @@ -308,7 +301,6 @@ zone "sergey-tracks.xyz" { type master; notify no; file "null.zone.file"; }; zone "shopin.nyc" { type master; notify no; file "null.zone.file"; }; zone "shopnsave.world" { type master; notify no; file "null.zone.file"; }; zone "smartideas.pro" { type master; notify no; file "null.zone.file"; }; -zone "software-dealz.de" { type master; notify no; file "null.zone.file"; }; zone "sonic-ocean.xyz" { type master; notify no; file "null.zone.file"; }; zone "sonic-plains.xyz" { type master; notify no; file "null.zone.file"; }; zone "sonic1asteroid.xyz" { type master; notify no; file "null.zone.file"; }; @@ -361,13 +353,13 @@ zone "thedealexpert.net" { type master; notify no; file "null.zone.file"; }; zone "theirproviderock.top" { type master; notify no; file "null.zone.file"; }; zone "thelastpicture.show" { type master; notify no; file "null.zone.file"; }; zone "timefornews.online" { type master; notify no; file "null.zone.file"; }; -zone "timeoffers.net" { type master; notify no; file "null.zone.file"; }; zone "top-offers2.club" { type master; notify no; file "null.zone.file"; }; zone "topdating.online" { type master; notify no; file "null.zone.file"; }; zone "tracking-landers.xyz" { type master; notify no; file "null.zone.file"; }; zone "trotineo.fr" { type master; notify no; file "null.zone.file"; }; zone "truecompassion.net" { type master; notify no; file "null.zone.file"; }; zone "updatefix.xyz" { type master; notify no; file "null.zone.file"; }; +zone "updateview.tech" { type master; notify no; file "null.zone.file"; }; zone "upplaysite.xyz" { type master; notify no; file "null.zone.file"; }; zone "usepro.me" { type master; notify no; file "null.zone.file"; }; zone "useprovpn.me" { type master; notify no; file "null.zone.file"; }; @@ -390,6 +382,7 @@ zone "videovoiceace.ru" { type master; notify no; file "null.zone.file"; }; zone "viralsharks.net" { type master; notify no; file "null.zone.file"; }; zone "vpn-pro.club" { type master; notify no; file "null.zone.file"; }; zone "vpnsecurity.me" { type master; notify no; file "null.zone.file"; }; +zone "wallda.site" { type master; notify no; file "null.zone.file"; }; zone "watchextremely-bestsophisticatedfile.best" { type master; notify no; file "null.zone.file"; }; zone "watchprogressive-bestmostfile.best" { type master; notify no; file "null.zone.file"; }; zone "watchquick-bestheavilyfile.best" { type master; notify no; file "null.zone.file"; }; @@ -409,10 +402,10 @@ zone "westasea.xyz" { type master; notify no; file "null.zone.file"; }; zone "westastar.xyz" { type master; notify no; file "null.zone.file"; }; zone "winnerz.icu" { type master; notify no; file "null.zone.file"; }; zone "worldwideofficialpromotion.cyou" { type master; notify no; file "null.zone.file"; }; -zone "your-magazine.me" { type master; notify no; file "null.zone.file"; }; zone "yourlegendarysystemsupgrade.work" { type master; notify no; file "null.zone.file"; }; zone "yourlinkplaceupdatingfree.work" { type master; notify no; file "null.zone.file"; }; zone "yourluckytoday.club" { type master; notify no; file "null.zone.file"; }; zone "yourmoneymachine.cc" { type master; notify no; file "null.zone.file"; }; zone "yoursafestgreatplaceupdates.work" { type master; notify no; file "null.zone.file"; }; +zone "zalando-prive.es" { type master; notify no; file "null.zone.file"; }; zone "zeusmedia.info" { type master; notify no; file "null.zone.file"; }; diff --git a/dist/pup-filter-dnscrypt-blocked-names.txt b/dist/pup-filter-dnscrypt-blocked-names.txt index 2d205af..f30e388 100644 --- a/dist/pup-filter-dnscrypt-blocked-names.txt +++ b/dist/pup-filter-dnscrypt-blocked-names.txt @@ -1,12 +1,13 @@ # Title: PUP Names Blocklist # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer 2021travel.net 4upgradingstablesafe.work +abcscience.xyz adslauchgo.xyz affiliateland.io aikoo.club @@ -58,7 +59,6 @@ consumerprotectioncybersecurity.org contentamigo.ru contentarea.ru country-news.live -craftstash.us crazyprize.buzz credit-monitoring-360.xyz crowdweightyellow.top @@ -94,6 +94,7 @@ fastspotb.xyz fastwebb.xyz findaupgradingurls.work finditquick.online +finreporter.net fireapps.cloud flash-rewards.info funanime.me @@ -115,7 +116,6 @@ hpages.net huge2upgradescentral.work humansystemsecurity.top imagefind.org -incing-marganic.icu initiatecompletelyprecisethefile.vip initiatecompletelyprogressivethefile.vip initiatecompletelyspeedythefile.vip @@ -143,10 +143,8 @@ juicydataadvance.ru juicydataage.ru juicydataair.ru juicydataalt.ru -junemedia.bar junemedia.club junesmile.xyz -keepinfit.net koalaautumna.xyz koalaautumnb.xyz koalaautumnc.xyz @@ -169,30 +167,24 @@ koalawinterb.xyz koalawinterc.xyz koalawinterd.xyz koalawintere.xyz +kompsos.uk lackystack.net link4updatingcentral.work listenthisso.top lltrsknoob.click -loadadvancedextremelythefile.vip -loadextremelycurrentthefile.vip -loadextremelyrecentthefile.vip loadfree-bestheavilyfile.best loadgreatlynewestthefile.vip loadgreatlyoriginalthefile.vip loadgreatlyprogressivethefile.vip loadgreatlyrenewedthefile.vip -loadhighlyadvancedthefile.vip loadintenselyquickthefile.vip loadintenselyspeedythefile.vip loadintenselystrongthefile.vip loadintenselyswiftthefile.vip -loadnewestextremelythefile.vip loadnewestgreatlythefile.vip -loadoriginalextremelythefile.vip loadoriginalgreatlythefile.vip loadpreciseintenselythefile.vip loadprogressivegreatlythefile.vip -loadrecentextremelythefile.vip loadrenewedgreatlythefile.vip loadstrongintenselythefile.vip loadswiftintenselythefile.vip @@ -292,6 +284,7 @@ quizshein.shop rancy.xyz real-buy.net rewardgivingrealspecialoffer.cyou +richsurvey.live runadvanced-bestgreatlyfile.best rungreatly-bestadvancedfile.best safeguide.net @@ -308,7 +301,6 @@ sergey-tracks.xyz shopin.nyc shopnsave.world smartideas.pro -software-dealz.de sonic-ocean.xyz sonic-plains.xyz sonic1asteroid.xyz @@ -361,13 +353,13 @@ thedealexpert.net theirproviderock.top thelastpicture.show timefornews.online -timeoffers.net top-offers2.club topdating.online tracking-landers.xyz trotineo.fr truecompassion.net updatefix.xyz +updateview.tech upplaysite.xyz usepro.me useprovpn.me @@ -390,6 +382,7 @@ videovoiceace.ru viralsharks.net vpn-pro.club vpnsecurity.me +wallda.site watchextremely-bestsophisticatedfile.best watchprogressive-bestmostfile.best watchquick-bestheavilyfile.best @@ -409,10 +402,10 @@ westasea.xyz westastar.xyz winnerz.icu worldwideofficialpromotion.cyou -your-magazine.me yourlegendarysystemsupgrade.work yourlinkplaceupdatingfree.work yourluckytoday.club yourmoneymachine.cc yoursafestgreatplaceupdates.work +zalando-prive.es zeusmedia.info diff --git a/dist/pup-filter-dnsmasq.conf b/dist/pup-filter-dnsmasq.conf index 4535902..8ddb76c 100644 --- a/dist/pup-filter-dnsmasq.conf +++ b/dist/pup-filter-dnsmasq.conf @@ -1,12 +1,13 @@ # Title: PUP Domains dnsmasq Blocklist # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer address=/2021travel.net/0.0.0.0 address=/4upgradingstablesafe.work/0.0.0.0 +address=/abcscience.xyz/0.0.0.0 address=/adslauchgo.xyz/0.0.0.0 address=/affiliateland.io/0.0.0.0 address=/aikoo.club/0.0.0.0 @@ -58,7 +59,6 @@ address=/consumerprotectioncybersecurity.org/0.0.0.0 address=/contentamigo.ru/0.0.0.0 address=/contentarea.ru/0.0.0.0 address=/country-news.live/0.0.0.0 -address=/craftstash.us/0.0.0.0 address=/crazyprize.buzz/0.0.0.0 address=/credit-monitoring-360.xyz/0.0.0.0 address=/crowdweightyellow.top/0.0.0.0 @@ -94,6 +94,7 @@ address=/fastspotb.xyz/0.0.0.0 address=/fastwebb.xyz/0.0.0.0 address=/findaupgradingurls.work/0.0.0.0 address=/finditquick.online/0.0.0.0 +address=/finreporter.net/0.0.0.0 address=/fireapps.cloud/0.0.0.0 address=/flash-rewards.info/0.0.0.0 address=/funanime.me/0.0.0.0 @@ -115,7 +116,6 @@ address=/hpages.net/0.0.0.0 address=/huge2upgradescentral.work/0.0.0.0 address=/humansystemsecurity.top/0.0.0.0 address=/imagefind.org/0.0.0.0 -address=/incing-marganic.icu/0.0.0.0 address=/initiatecompletelyprecisethefile.vip/0.0.0.0 address=/initiatecompletelyprogressivethefile.vip/0.0.0.0 address=/initiatecompletelyspeedythefile.vip/0.0.0.0 @@ -143,10 +143,8 @@ address=/juicydataadvance.ru/0.0.0.0 address=/juicydataage.ru/0.0.0.0 address=/juicydataair.ru/0.0.0.0 address=/juicydataalt.ru/0.0.0.0 -address=/junemedia.bar/0.0.0.0 address=/junemedia.club/0.0.0.0 address=/junesmile.xyz/0.0.0.0 -address=/keepinfit.net/0.0.0.0 address=/koalaautumna.xyz/0.0.0.0 address=/koalaautumnb.xyz/0.0.0.0 address=/koalaautumnc.xyz/0.0.0.0 @@ -169,30 +167,24 @@ address=/koalawinterb.xyz/0.0.0.0 address=/koalawinterc.xyz/0.0.0.0 address=/koalawinterd.xyz/0.0.0.0 address=/koalawintere.xyz/0.0.0.0 +address=/kompsos.uk/0.0.0.0 address=/lackystack.net/0.0.0.0 address=/link4updatingcentral.work/0.0.0.0 address=/listenthisso.top/0.0.0.0 address=/lltrsknoob.click/0.0.0.0 -address=/loadadvancedextremelythefile.vip/0.0.0.0 -address=/loadextremelycurrentthefile.vip/0.0.0.0 -address=/loadextremelyrecentthefile.vip/0.0.0.0 address=/loadfree-bestheavilyfile.best/0.0.0.0 address=/loadgreatlynewestthefile.vip/0.0.0.0 address=/loadgreatlyoriginalthefile.vip/0.0.0.0 address=/loadgreatlyprogressivethefile.vip/0.0.0.0 address=/loadgreatlyrenewedthefile.vip/0.0.0.0 -address=/loadhighlyadvancedthefile.vip/0.0.0.0 address=/loadintenselyquickthefile.vip/0.0.0.0 address=/loadintenselyspeedythefile.vip/0.0.0.0 address=/loadintenselystrongthefile.vip/0.0.0.0 address=/loadintenselyswiftthefile.vip/0.0.0.0 -address=/loadnewestextremelythefile.vip/0.0.0.0 address=/loadnewestgreatlythefile.vip/0.0.0.0 -address=/loadoriginalextremelythefile.vip/0.0.0.0 address=/loadoriginalgreatlythefile.vip/0.0.0.0 address=/loadpreciseintenselythefile.vip/0.0.0.0 address=/loadprogressivegreatlythefile.vip/0.0.0.0 -address=/loadrecentextremelythefile.vip/0.0.0.0 address=/loadrenewedgreatlythefile.vip/0.0.0.0 address=/loadstrongintenselythefile.vip/0.0.0.0 address=/loadswiftintenselythefile.vip/0.0.0.0 @@ -292,6 +284,7 @@ address=/quizshein.shop/0.0.0.0 address=/rancy.xyz/0.0.0.0 address=/real-buy.net/0.0.0.0 address=/rewardgivingrealspecialoffer.cyou/0.0.0.0 +address=/richsurvey.live/0.0.0.0 address=/runadvanced-bestgreatlyfile.best/0.0.0.0 address=/rungreatly-bestadvancedfile.best/0.0.0.0 address=/safeguide.net/0.0.0.0 @@ -308,7 +301,6 @@ address=/sergey-tracks.xyz/0.0.0.0 address=/shopin.nyc/0.0.0.0 address=/shopnsave.world/0.0.0.0 address=/smartideas.pro/0.0.0.0 -address=/software-dealz.de/0.0.0.0 address=/sonic-ocean.xyz/0.0.0.0 address=/sonic-plains.xyz/0.0.0.0 address=/sonic1asteroid.xyz/0.0.0.0 @@ -361,13 +353,13 @@ address=/thedealexpert.net/0.0.0.0 address=/theirproviderock.top/0.0.0.0 address=/thelastpicture.show/0.0.0.0 address=/timefornews.online/0.0.0.0 -address=/timeoffers.net/0.0.0.0 address=/top-offers2.club/0.0.0.0 address=/topdating.online/0.0.0.0 address=/tracking-landers.xyz/0.0.0.0 address=/trotineo.fr/0.0.0.0 address=/truecompassion.net/0.0.0.0 address=/updatefix.xyz/0.0.0.0 +address=/updateview.tech/0.0.0.0 address=/upplaysite.xyz/0.0.0.0 address=/usepro.me/0.0.0.0 address=/useprovpn.me/0.0.0.0 @@ -390,6 +382,7 @@ address=/videovoiceace.ru/0.0.0.0 address=/viralsharks.net/0.0.0.0 address=/vpn-pro.club/0.0.0.0 address=/vpnsecurity.me/0.0.0.0 +address=/wallda.site/0.0.0.0 address=/watchextremely-bestsophisticatedfile.best/0.0.0.0 address=/watchprogressive-bestmostfile.best/0.0.0.0 address=/watchquick-bestheavilyfile.best/0.0.0.0 @@ -409,10 +402,10 @@ address=/westasea.xyz/0.0.0.0 address=/westastar.xyz/0.0.0.0 address=/winnerz.icu/0.0.0.0 address=/worldwideofficialpromotion.cyou/0.0.0.0 -address=/your-magazine.me/0.0.0.0 address=/yourlegendarysystemsupgrade.work/0.0.0.0 address=/yourlinkplaceupdatingfree.work/0.0.0.0 address=/yourluckytoday.club/0.0.0.0 address=/yourmoneymachine.cc/0.0.0.0 address=/yoursafestgreatplaceupdates.work/0.0.0.0 +address=/zalando-prive.es/0.0.0.0 address=/zeusmedia.info/0.0.0.0 diff --git a/dist/pup-filter-domains.txt b/dist/pup-filter-domains.txt index ecd4e1e..321e92c 100644 --- a/dist/pup-filter-domains.txt +++ b/dist/pup-filter-domains.txt @@ -1,12 +1,13 @@ # Title: PUP Domains Blocklist # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer 2021travel.net 4upgradingstablesafe.work +abcscience.xyz adslauchgo.xyz affiliateland.io aikoo.club @@ -58,7 +59,6 @@ consumerprotectioncybersecurity.org contentamigo.ru contentarea.ru country-news.live -craftstash.us crazyprize.buzz credit-monitoring-360.xyz crowdweightyellow.top @@ -94,6 +94,7 @@ fastspotb.xyz fastwebb.xyz findaupgradingurls.work finditquick.online +finreporter.net fireapps.cloud flash-rewards.info funanime.me @@ -115,7 +116,6 @@ hpages.net huge2upgradescentral.work humansystemsecurity.top imagefind.org -incing-marganic.icu initiatecompletelyprecisethefile.vip initiatecompletelyprogressivethefile.vip initiatecompletelyspeedythefile.vip @@ -143,10 +143,8 @@ juicydataadvance.ru juicydataage.ru juicydataair.ru juicydataalt.ru -junemedia.bar junemedia.club junesmile.xyz -keepinfit.net koalaautumna.xyz koalaautumnb.xyz koalaautumnc.xyz @@ -169,30 +167,24 @@ koalawinterb.xyz koalawinterc.xyz koalawinterd.xyz koalawintere.xyz +kompsos.uk lackystack.net link4updatingcentral.work listenthisso.top lltrsknoob.click -loadadvancedextremelythefile.vip -loadextremelycurrentthefile.vip -loadextremelyrecentthefile.vip loadfree-bestheavilyfile.best loadgreatlynewestthefile.vip loadgreatlyoriginalthefile.vip loadgreatlyprogressivethefile.vip loadgreatlyrenewedthefile.vip -loadhighlyadvancedthefile.vip loadintenselyquickthefile.vip loadintenselyspeedythefile.vip loadintenselystrongthefile.vip loadintenselyswiftthefile.vip -loadnewestextremelythefile.vip loadnewestgreatlythefile.vip -loadoriginalextremelythefile.vip loadoriginalgreatlythefile.vip loadpreciseintenselythefile.vip loadprogressivegreatlythefile.vip -loadrecentextremelythefile.vip loadrenewedgreatlythefile.vip loadstrongintenselythefile.vip loadswiftintenselythefile.vip @@ -292,6 +284,7 @@ quizshein.shop rancy.xyz real-buy.net rewardgivingrealspecialoffer.cyou +richsurvey.live runadvanced-bestgreatlyfile.best rungreatly-bestadvancedfile.best safeguide.net @@ -308,7 +301,6 @@ sergey-tracks.xyz shopin.nyc shopnsave.world smartideas.pro -software-dealz.de sonic-ocean.xyz sonic-plains.xyz sonic1asteroid.xyz @@ -361,13 +353,13 @@ thedealexpert.net theirproviderock.top thelastpicture.show timefornews.online -timeoffers.net top-offers2.club topdating.online tracking-landers.xyz trotineo.fr truecompassion.net updatefix.xyz +updateview.tech upplaysite.xyz usepro.me useprovpn.me @@ -390,6 +382,7 @@ videovoiceace.ru viralsharks.net vpn-pro.club vpnsecurity.me +wallda.site watchextremely-bestsophisticatedfile.best watchprogressive-bestmostfile.best watchquick-bestheavilyfile.best @@ -409,10 +402,10 @@ westasea.xyz westastar.xyz winnerz.icu worldwideofficialpromotion.cyou -your-magazine.me yourlegendarysystemsupgrade.work yourlinkplaceupdatingfree.work yourluckytoday.club yourmoneymachine.cc yoursafestgreatplaceupdates.work +zalando-prive.es zeusmedia.info diff --git a/dist/pup-filter-hosts.txt b/dist/pup-filter-hosts.txt index 6244d98..1161d81 100644 --- a/dist/pup-filter-hosts.txt +++ b/dist/pup-filter-hosts.txt @@ -1,12 +1,13 @@ # Title: PUP Hosts Blocklist # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer 0.0.0.0 2021travel.net 0.0.0.0 4upgradingstablesafe.work +0.0.0.0 abcscience.xyz 0.0.0.0 adslauchgo.xyz 0.0.0.0 affiliateland.io 0.0.0.0 aikoo.club @@ -58,7 +59,6 @@ 0.0.0.0 contentamigo.ru 0.0.0.0 contentarea.ru 0.0.0.0 country-news.live -0.0.0.0 craftstash.us 0.0.0.0 crazyprize.buzz 0.0.0.0 credit-monitoring-360.xyz 0.0.0.0 crowdweightyellow.top @@ -94,6 +94,7 @@ 0.0.0.0 fastwebb.xyz 0.0.0.0 findaupgradingurls.work 0.0.0.0 finditquick.online +0.0.0.0 finreporter.net 0.0.0.0 fireapps.cloud 0.0.0.0 flash-rewards.info 0.0.0.0 funanime.me @@ -115,7 +116,6 @@ 0.0.0.0 huge2upgradescentral.work 0.0.0.0 humansystemsecurity.top 0.0.0.0 imagefind.org -0.0.0.0 incing-marganic.icu 0.0.0.0 initiatecompletelyprecisethefile.vip 0.0.0.0 initiatecompletelyprogressivethefile.vip 0.0.0.0 initiatecompletelyspeedythefile.vip @@ -143,10 +143,8 @@ 0.0.0.0 juicydataage.ru 0.0.0.0 juicydataair.ru 0.0.0.0 juicydataalt.ru -0.0.0.0 junemedia.bar 0.0.0.0 junemedia.club 0.0.0.0 junesmile.xyz -0.0.0.0 keepinfit.net 0.0.0.0 koalaautumna.xyz 0.0.0.0 koalaautumnb.xyz 0.0.0.0 koalaautumnc.xyz @@ -169,30 +167,24 @@ 0.0.0.0 koalawinterc.xyz 0.0.0.0 koalawinterd.xyz 0.0.0.0 koalawintere.xyz +0.0.0.0 kompsos.uk 0.0.0.0 lackystack.net 0.0.0.0 link4updatingcentral.work 0.0.0.0 listenthisso.top 0.0.0.0 lltrsknoob.click -0.0.0.0 loadadvancedextremelythefile.vip -0.0.0.0 loadextremelycurrentthefile.vip -0.0.0.0 loadextremelyrecentthefile.vip 0.0.0.0 loadfree-bestheavilyfile.best 0.0.0.0 loadgreatlynewestthefile.vip 0.0.0.0 loadgreatlyoriginalthefile.vip 0.0.0.0 loadgreatlyprogressivethefile.vip 0.0.0.0 loadgreatlyrenewedthefile.vip -0.0.0.0 loadhighlyadvancedthefile.vip 0.0.0.0 loadintenselyquickthefile.vip 0.0.0.0 loadintenselyspeedythefile.vip 0.0.0.0 loadintenselystrongthefile.vip 0.0.0.0 loadintenselyswiftthefile.vip -0.0.0.0 loadnewestextremelythefile.vip 0.0.0.0 loadnewestgreatlythefile.vip -0.0.0.0 loadoriginalextremelythefile.vip 0.0.0.0 loadoriginalgreatlythefile.vip 0.0.0.0 loadpreciseintenselythefile.vip 0.0.0.0 loadprogressivegreatlythefile.vip -0.0.0.0 loadrecentextremelythefile.vip 0.0.0.0 loadrenewedgreatlythefile.vip 0.0.0.0 loadstrongintenselythefile.vip 0.0.0.0 loadswiftintenselythefile.vip @@ -292,6 +284,7 @@ 0.0.0.0 rancy.xyz 0.0.0.0 real-buy.net 0.0.0.0 rewardgivingrealspecialoffer.cyou +0.0.0.0 richsurvey.live 0.0.0.0 runadvanced-bestgreatlyfile.best 0.0.0.0 rungreatly-bestadvancedfile.best 0.0.0.0 safeguide.net @@ -308,7 +301,6 @@ 0.0.0.0 shopin.nyc 0.0.0.0 shopnsave.world 0.0.0.0 smartideas.pro -0.0.0.0 software-dealz.de 0.0.0.0 sonic-ocean.xyz 0.0.0.0 sonic-plains.xyz 0.0.0.0 sonic1asteroid.xyz @@ -361,13 +353,13 @@ 0.0.0.0 theirproviderock.top 0.0.0.0 thelastpicture.show 0.0.0.0 timefornews.online -0.0.0.0 timeoffers.net 0.0.0.0 top-offers2.club 0.0.0.0 topdating.online 0.0.0.0 tracking-landers.xyz 0.0.0.0 trotineo.fr 0.0.0.0 truecompassion.net 0.0.0.0 updatefix.xyz +0.0.0.0 updateview.tech 0.0.0.0 upplaysite.xyz 0.0.0.0 usepro.me 0.0.0.0 useprovpn.me @@ -390,6 +382,7 @@ 0.0.0.0 viralsharks.net 0.0.0.0 vpn-pro.club 0.0.0.0 vpnsecurity.me +0.0.0.0 wallda.site 0.0.0.0 watchextremely-bestsophisticatedfile.best 0.0.0.0 watchprogressive-bestmostfile.best 0.0.0.0 watchquick-bestheavilyfile.best @@ -409,10 +402,10 @@ 0.0.0.0 westastar.xyz 0.0.0.0 winnerz.icu 0.0.0.0 worldwideofficialpromotion.cyou -0.0.0.0 your-magazine.me 0.0.0.0 yourlegendarysystemsupgrade.work 0.0.0.0 yourlinkplaceupdatingfree.work 0.0.0.0 yourluckytoday.club 0.0.0.0 yourmoneymachine.cc 0.0.0.0 yoursafestgreatplaceupdates.work +0.0.0.0 zalando-prive.es 0.0.0.0 zeusmedia.info diff --git a/dist/pup-filter-rpz.conf b/dist/pup-filter-rpz.conf index d4373b0..863250a 100644 --- a/dist/pup-filter-rpz.conf +++ b/dist/pup-filter-rpz.conf @@ -1,17 +1,18 @@ ; Title: PUP Domains RPZ Blocklist ; Description: Block domains that host potentially unwanted programs (PUP) -; Updated: Thu, 11 Nov 2021 12:03:21 +0000 +; Updated: Fri, 12 Nov 2021 00:02:54 +0000 ; Expires: 1 day (update frequency) ; Homepage: https://gitlab.com/curben/pup-filter ; License: https://gitlab.com/curben/pup-filter#license ; Source: https://github.com/zhouhanc/malware-discoverer $TTL 30 -@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1636632201 86400 3600 604800 30 +@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1636675374 86400 3600 604800 30 NS localhost. 2021travel.net CNAME . 4upgradingstablesafe.work CNAME . +abcscience.xyz CNAME . adslauchgo.xyz CNAME . affiliateland.io CNAME . aikoo.club CNAME . @@ -63,7 +64,6 @@ consumerprotectioncybersecurity.org CNAME . contentamigo.ru CNAME . contentarea.ru CNAME . country-news.live CNAME . -craftstash.us CNAME . crazyprize.buzz CNAME . credit-monitoring-360.xyz CNAME . crowdweightyellow.top CNAME . @@ -99,6 +99,7 @@ fastspotb.xyz CNAME . fastwebb.xyz CNAME . findaupgradingurls.work CNAME . finditquick.online CNAME . +finreporter.net CNAME . fireapps.cloud CNAME . flash-rewards.info CNAME . funanime.me CNAME . @@ -120,7 +121,6 @@ hpages.net CNAME . huge2upgradescentral.work CNAME . humansystemsecurity.top CNAME . imagefind.org CNAME . -incing-marganic.icu CNAME . initiatecompletelyprecisethefile.vip CNAME . initiatecompletelyprogressivethefile.vip CNAME . initiatecompletelyspeedythefile.vip CNAME . @@ -148,10 +148,8 @@ juicydataadvance.ru CNAME . juicydataage.ru CNAME . juicydataair.ru CNAME . juicydataalt.ru CNAME . -junemedia.bar CNAME . junemedia.club CNAME . junesmile.xyz CNAME . -keepinfit.net CNAME . koalaautumna.xyz CNAME . koalaautumnb.xyz CNAME . koalaautumnc.xyz CNAME . @@ -174,30 +172,24 @@ koalawinterb.xyz CNAME . koalawinterc.xyz CNAME . koalawinterd.xyz CNAME . koalawintere.xyz CNAME . +kompsos.uk CNAME . lackystack.net CNAME . link4updatingcentral.work CNAME . listenthisso.top CNAME . lltrsknoob.click CNAME . -loadadvancedextremelythefile.vip CNAME . -loadextremelycurrentthefile.vip CNAME . -loadextremelyrecentthefile.vip CNAME . loadfree-bestheavilyfile.best CNAME . loadgreatlynewestthefile.vip CNAME . loadgreatlyoriginalthefile.vip CNAME . loadgreatlyprogressivethefile.vip CNAME . loadgreatlyrenewedthefile.vip CNAME . -loadhighlyadvancedthefile.vip CNAME . loadintenselyquickthefile.vip CNAME . loadintenselyspeedythefile.vip CNAME . loadintenselystrongthefile.vip CNAME . loadintenselyswiftthefile.vip CNAME . -loadnewestextremelythefile.vip CNAME . loadnewestgreatlythefile.vip CNAME . -loadoriginalextremelythefile.vip CNAME . loadoriginalgreatlythefile.vip CNAME . loadpreciseintenselythefile.vip CNAME . loadprogressivegreatlythefile.vip CNAME . -loadrecentextremelythefile.vip CNAME . loadrenewedgreatlythefile.vip CNAME . loadstrongintenselythefile.vip CNAME . loadswiftintenselythefile.vip CNAME . @@ -297,6 +289,7 @@ quizshein.shop CNAME . rancy.xyz CNAME . real-buy.net CNAME . rewardgivingrealspecialoffer.cyou CNAME . +richsurvey.live CNAME . runadvanced-bestgreatlyfile.best CNAME . rungreatly-bestadvancedfile.best CNAME . safeguide.net CNAME . @@ -313,7 +306,6 @@ sergey-tracks.xyz CNAME . shopin.nyc CNAME . shopnsave.world CNAME . smartideas.pro CNAME . -software-dealz.de CNAME . sonic-ocean.xyz CNAME . sonic-plains.xyz CNAME . sonic1asteroid.xyz CNAME . @@ -366,13 +358,13 @@ thedealexpert.net CNAME . theirproviderock.top CNAME . thelastpicture.show CNAME . timefornews.online CNAME . -timeoffers.net CNAME . top-offers2.club CNAME . topdating.online CNAME . tracking-landers.xyz CNAME . trotineo.fr CNAME . truecompassion.net CNAME . updatefix.xyz CNAME . +updateview.tech CNAME . upplaysite.xyz CNAME . usepro.me CNAME . useprovpn.me CNAME . @@ -395,6 +387,7 @@ videovoiceace.ru CNAME . viralsharks.net CNAME . vpn-pro.club CNAME . vpnsecurity.me CNAME . +wallda.site CNAME . watchextremely-bestsophisticatedfile.best CNAME . watchprogressive-bestmostfile.best CNAME . watchquick-bestheavilyfile.best CNAME . @@ -414,10 +407,10 @@ westasea.xyz CNAME . westastar.xyz CNAME . winnerz.icu CNAME . worldwideofficialpromotion.cyou CNAME . -your-magazine.me CNAME . yourlegendarysystemsupgrade.work CNAME . yourlinkplaceupdatingfree.work CNAME . yourluckytoday.club CNAME . yourmoneymachine.cc CNAME . yoursafestgreatplaceupdates.work CNAME . +zalando-prive.es CNAME . zeusmedia.info CNAME . diff --git a/dist/pup-filter-snort2.rules b/dist/pup-filter-snort2.rules index 3ba0adc..26d96c7 100644 --- a/dist/pup-filter-snort2.rules +++ b/dist/pup-filter-snort2.rules @@ -1,64 +1,64 @@ # Title: PUP Domains Snort2 Ruleset # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"2021travel.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000001; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"4upgradingstablesafe.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"adslauchgo.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"affiliateland.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atwater.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beautinow.nl"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upcompletely-bestprecisefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upcompletely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upfree-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-uprenewed-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upuber-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000029; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"brightlifestyle.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000030; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000031; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000032; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000033; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000034; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000035; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000036; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000037; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000038; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeracoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeramountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centerastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeravolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chatverse.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkstableaupdatinglinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chipovysta.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimrewards.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"coatofarms.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connecttheupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"craftstash.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"abcscience.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"adslauchgo.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"affiliateland.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atwater.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-cars-for-seniors-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000016; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000017; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beautinow.nl"; content:"Host"; http_header; classtype:web-application-activity; sid:300000018; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"beinspired.global"; content:"Host"; http_header; classtype:web-application-activity; sid:300000019; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bkk755.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000020; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bleu-bonheur.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000021; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"bluetiger.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000022; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upcompletely-bestprecisefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000023; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upcompletely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000024; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upfree-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000025; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000026; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upheavily-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000027; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-uprenewed-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000028; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upsophisticated-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000029; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"boot-upuber-bestfreefile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000030; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"brightlifestyle.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000031; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000032; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center-planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000033; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000034; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000035; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000036; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000037; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000038; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"center7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeracoast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeramountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centerastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"centeravolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chatverse.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"checkstableaupdatinglinks.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"chipovysta.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"claimrewards.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"coatofarms.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"connecttheupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000055; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000056; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crowdweightyellow.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000057; rev:1;) @@ -94,28 +94,28 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastwebb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findaupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"finditquick.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fireapps.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flash-rewards.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funanime.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funny-media.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"get-your-score.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gettheraiceheadreliefhat.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpages.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"huge2upgradescentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"humansystemsecurity.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incing-marganic.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"finreporter.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fireapps.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flash-rewards.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funanime.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funny-media.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"get-your-score.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gettheraiceheadreliefhat.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpages.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"huge2upgradescentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"humansystemsecurity.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;) @@ -143,276 +143,269 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataage.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000136; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataair.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000137; rev:1;) alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000138; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.bar"; content:"Host"; http_header; classtype:web-application-activity; sid:300000139; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000140; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junesmile.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000141; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepinfit.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000142; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000143; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000144; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000145; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000146; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000147; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000148; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000149; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000150; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000151; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000152; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000153; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000154; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000155; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000156; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000157; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000158; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000159; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000160; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000161; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000162; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000163; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000164; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lackystack.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000165; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"link4updatingcentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000166; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"listenthisso.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000167; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lltrsknoob.click"; content:"Host"; http_header; classtype:web-application-activity; sid:300000168; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadadvancedextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000169; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadextremelycurrentthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000170; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadextremelyrecentthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000171; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadfree-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000172; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlynewestthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000173; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyoriginalthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000174; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000175; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyrenewedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000176; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadhighlyadvancedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000177; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyquickthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000178; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000179; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselystrongthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000180; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadnewestextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadnewestgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadoriginalextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadoriginalgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadpreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadprogressivegreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrecentextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrenewedgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadstrongintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadswiftintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"louisvillegigs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loveorfun.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckyworldwideprizerandom.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketloans.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"matchyourgirl.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mazestation.games"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"media-cloud.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaadvanced.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeryslotspin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobyfox.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"money-hero.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newbuy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"olivedinflats.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pcsecurity-live.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"peterhahn.be"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placesiteb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspind.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppploanchoices.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"press-news-for.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"producthunter.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitsurvey365.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"promotionclaim.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"proprotect.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-ios.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"provpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prtctapp.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"qfind.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quizshein.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rancy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"real-buy.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardgivingrealspecialoffer.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safeguide.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seaplaytoo.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-exp.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchoffers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"selectedlab.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"software-dealz.de"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonicacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stogether.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselysophisticatedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streampreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamspeedyintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"summermedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweetalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweetgirls.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccurrentmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatestintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmostprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestuberthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrecentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncubercurrentfiles.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syssysupdate.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thanksyoursupport.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedealexpert.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theirproviderock.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timefornews.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timeoffers.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"top-offers2.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000358; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"topdating.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000359; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tracking-landers.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000360; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trotineo.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000361; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"truecompassion.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000362; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatefix.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000363; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplaysite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000364; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000365; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"useprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000366; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usevpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000367; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usforeclosure.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000368; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videoau.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000369; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videoauthor.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000370; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videochanelace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000371; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videochanelact.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000372; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videochanelair.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000373; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videolookable.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000374; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videolookace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000375; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videolookact.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000376; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videolookalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000377; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videomixable.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000378; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videomixace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000379; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videomixact.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000380; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videovoiceable.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000381; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videovoiceace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000382; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"viralsharks.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000383; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn-pro.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000384; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnsecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000385; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchextremely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000386; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000387; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchquick-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000388; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchrefined-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000389; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-security.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000390; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000391; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000392; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000393; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000394; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000395; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000396; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000397; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westamountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000398; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000399; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000400; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westasea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000401; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000402; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000403; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000404; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"your-magazine.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000405; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000406; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000407; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourluckytoday.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000408; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000409; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000410; rev:1;) -alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zeusmedia.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000411; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000139; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junesmile.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000140; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000141; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000142; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000143; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000144; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000145; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000146; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000147; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000148; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000149; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000150; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000151; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000152; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000153; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000154; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000155; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000156; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000157; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000158; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000159; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000160; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000161; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000162; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"kompsos.uk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000163; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lackystack.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000164; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"link4updatingcentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000165; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"listenthisso.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000166; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lltrsknoob.click"; content:"Host"; http_header; classtype:web-application-activity; sid:300000167; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadfree-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000168; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlynewestthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000169; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyoriginalthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000170; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000171; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyrenewedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000172; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyquickthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000173; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000174; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselystrongthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000175; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000176; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadnewestgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000177; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadoriginalgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000178; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadpreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000179; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadprogressivegreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000180; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrenewedgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadstrongintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadswiftintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"louisvillegigs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loveorfun.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"luckyworldwideprizerandom.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketloans.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"matchyourgirl.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mazestation.games"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"media-cloud.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaadvanced.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeryslotspin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1mountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobi7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobiavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobyfox.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"money-hero.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newbuy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"olivedinflats.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pcsecurity-live.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"peterhahn.be"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placesiteb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspind.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ppploanchoices.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"press-news-for.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"producthunter.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"profitsurvey365.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"promotionclaim.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"proprotect.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-ios.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"provpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prtctapp.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"qfind.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quizshein.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rancy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"real-buy.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardgivingrealspecialoffer.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"richsurvey.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safeguide.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seaplaytoo.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-exp.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchoffers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"selectedlab.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic-plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonic7sea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sonicacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stogether.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselysophisticatedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streampreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamspeedyintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"summermedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweetalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sweetgirls.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccurrentmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatestintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmostprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestuberthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrecentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncubercurrentfiles.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syssysupdate.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thanksyoursupport.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the-star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1planet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the1volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7coast.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7crater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"the7volcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theacrater.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theavolcano.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thedealexpert.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theirproviderock.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timefornews.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"top-offers2.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"topdating.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tracking-landers.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trotineo.fr"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"truecompassion.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatefix.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updateview.tech"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplaysite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"useprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000358; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usevpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000359; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usforeclosure.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000360; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videoau.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000361; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videoauthor.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000362; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videochanelace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000363; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videochanelact.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000364; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videochanelair.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000365; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videolookable.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000366; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videolookace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000367; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videolookact.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000368; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videolookalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000369; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videomixable.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000370; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videomixace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000371; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videomixact.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000372; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videovoiceable.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000373; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"videovoiceace.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000374; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"viralsharks.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000375; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn-pro.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000376; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnsecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000377; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wallda.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000378; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchextremely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000379; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000380; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchquick-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000381; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchrefined-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000382; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-security.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000383; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000384; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1asteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000385; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1ocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000386; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1plains.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000387; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1sky.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000388; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"west1star.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000389; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaasteroid.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000390; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westamountain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000391; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaocean.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000392; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westaplanet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000393; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westasea.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000394; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"westastar.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000395; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000396; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000397; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000398; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000399; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourluckytoday.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000400; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000401; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000402; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zalando-prive.es"; content:"Host"; http_header; classtype:web-application-activity; sid:300000403; rev:1;) +alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"zeusmedia.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000404; rev:1;) diff --git a/dist/pup-filter-snort3.rules b/dist/pup-filter-snort3.rules index 7502339..11cf20a 100644 --- a/dist/pup-filter-snort3.rules +++ b/dist/pup-filter-snort3.rules @@ -1,64 +1,64 @@ # Title: PUP Domains Snort3 Ruleset # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"2021travel.net",nocase; classtype:web-application-activity; sid:300000001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"4upgradingstablesafe.work",nocase; classtype:web-application-activity; sid:300000002; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"adslauchgo.xyz",nocase; classtype:web-application-activity; sid:300000003; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"affiliateland.io",nocase; classtype:web-application-activity; sid:300000004; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000005; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000006; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000007; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000008; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atwater.org",nocase; classtype:web-application-activity; sid:300000009; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000010; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000011; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000012; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000013; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000016; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beautinow.nl",nocase; classtype:web-application-activity; sid:300000017; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000018; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000019; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000020; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000021; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upcompletely-bestprecisefile.best",nocase; classtype:web-application-activity; sid:300000022; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upcompletely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upfree-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000025; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000026; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-uprenewed-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000027; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000028; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upuber-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000029; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"brightlifestyle.org",nocase; classtype:web-application-activity; sid:300000030; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000031; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-planet.xyz",nocase; classtype:web-application-activity; sid:300000032; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1plains.xyz",nocase; classtype:web-application-activity; sid:300000033; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1sky.xyz",nocase; classtype:web-application-activity; sid:300000034; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1star.xyz",nocase; classtype:web-application-activity; sid:300000035; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7mountain.xyz",nocase; classtype:web-application-activity; sid:300000036; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7ocean.xyz",nocase; classtype:web-application-activity; sid:300000037; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7planet.xyz",nocase; classtype:web-application-activity; sid:300000038; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7sky.xyz",nocase; classtype:web-application-activity; sid:300000039; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeracoast.xyz",nocase; classtype:web-application-activity; sid:300000040; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeramountain.xyz",nocase; classtype:web-application-activity; sid:300000041; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centerastar.xyz",nocase; classtype:web-application-activity; sid:300000042; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeravolcano.xyz",nocase; classtype:web-application-activity; sid:300000043; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chatverse.net",nocase; classtype:web-application-activity; sid:300000044; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"checkstableaupdatinglinks.work",nocase; classtype:web-application-activity; sid:300000045; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chipovysta.pro",nocase; classtype:web-application-activity; sid:300000046; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"claimrewards.rest",nocase; classtype:web-application-activity; sid:300000047; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"coatofarms.nyc",nocase; classtype:web-application-activity; sid:300000048; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connecttheupgradingurls.work",nocase; classtype:web-application-activity; sid:300000049; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000050; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000051; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000052; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000053; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"craftstash.us",nocase; classtype:web-application-activity; sid:300000054; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"abcscience.xyz",nocase; classtype:web-application-activity; sid:300000003; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"adslauchgo.xyz",nocase; classtype:web-application-activity; sid:300000004; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"affiliateland.io",nocase; classtype:web-application-activity; sid:300000005; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000006; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000007; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000008; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000009; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atwater.org",nocase; classtype:web-application-activity; sid:300000010; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000011; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000012; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000013; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000014; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000015; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-cars-for-seniors-ok.live",nocase; classtype:web-application-activity; sid:300000016; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000017; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beautinow.nl",nocase; classtype:web-application-activity; sid:300000018; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"beinspired.global",nocase; classtype:web-application-activity; sid:300000019; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bkk755.biz",nocase; classtype:web-application-activity; sid:300000020; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bleu-bonheur.fr",nocase; classtype:web-application-activity; sid:300000021; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"bluetiger.cloud",nocase; classtype:web-application-activity; sid:300000022; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upcompletely-bestprecisefile.best",nocase; classtype:web-application-activity; sid:300000023; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upcompletely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000024; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upfree-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000025; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000026; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upheavily-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000027; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-uprenewed-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000028; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upsophisticated-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000029; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"boot-upuber-bestfreefile.best",nocase; classtype:web-application-activity; sid:300000030; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"brightlifestyle.org",nocase; classtype:web-application-activity; sid:300000031; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-plains.xyz",nocase; classtype:web-application-activity; sid:300000032; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center-planet.xyz",nocase; classtype:web-application-activity; sid:300000033; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1plains.xyz",nocase; classtype:web-application-activity; sid:300000034; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1sky.xyz",nocase; classtype:web-application-activity; sid:300000035; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center1star.xyz",nocase; classtype:web-application-activity; sid:300000036; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7mountain.xyz",nocase; classtype:web-application-activity; sid:300000037; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7ocean.xyz",nocase; classtype:web-application-activity; sid:300000038; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7planet.xyz",nocase; classtype:web-application-activity; sid:300000039; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"center7sky.xyz",nocase; classtype:web-application-activity; sid:300000040; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeracoast.xyz",nocase; classtype:web-application-activity; sid:300000041; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeramountain.xyz",nocase; classtype:web-application-activity; sid:300000042; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centerastar.xyz",nocase; classtype:web-application-activity; sid:300000043; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"centeravolcano.xyz",nocase; classtype:web-application-activity; sid:300000044; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chatverse.net",nocase; classtype:web-application-activity; sid:300000045; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"checkstableaupdatinglinks.work",nocase; classtype:web-application-activity; sid:300000046; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"chipovysta.pro",nocase; classtype:web-application-activity; sid:300000047; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"claimrewards.rest",nocase; classtype:web-application-activity; sid:300000048; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"coatofarms.nyc",nocase; classtype:web-application-activity; sid:300000049; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"connecttheupgradingurls.work",nocase; classtype:web-application-activity; sid:300000050; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000051; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000052; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000053; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crowdweightyellow.top",nocase; classtype:web-application-activity; sid:300000057; rev:1;) @@ -94,28 +94,28 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastwebb.xyz",nocase; classtype:web-application-activity; sid:300000087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findaupgradingurls.work",nocase; classtype:web-application-activity; sid:300000088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"finditquick.online",nocase; classtype:web-application-activity; sid:300000089; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fireapps.cloud",nocase; classtype:web-application-activity; sid:300000090; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flash-rewards.info",nocase; classtype:web-application-activity; sid:300000091; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funanime.me",nocase; classtype:web-application-activity; sid:300000092; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funny-media.ru",nocase; classtype:web-application-activity; sid:300000093; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000094; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000095; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"get-your-score.club",nocase; classtype:web-application-activity; sid:300000096; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gettheraiceheadreliefhat.io",nocase; classtype:web-application-activity; sid:300000097; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000098; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000099; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000100; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000101; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000102; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000103; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000104; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000105; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000106; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hpages.net",nocase; classtype:web-application-activity; sid:300000107; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"huge2upgradescentral.work",nocase; classtype:web-application-activity; sid:300000108; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"humansystemsecurity.top",nocase; classtype:web-application-activity; sid:300000109; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000110; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incing-marganic.icu",nocase; classtype:web-application-activity; sid:300000111; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"finreporter.net",nocase; classtype:web-application-activity; sid:300000090; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fireapps.cloud",nocase; classtype:web-application-activity; sid:300000091; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flash-rewards.info",nocase; classtype:web-application-activity; sid:300000092; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funanime.me",nocase; classtype:web-application-activity; sid:300000093; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funny-media.ru",nocase; classtype:web-application-activity; sid:300000094; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000095; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000096; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"get-your-score.club",nocase; classtype:web-application-activity; sid:300000097; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gettheraiceheadreliefhat.io",nocase; classtype:web-application-activity; sid:300000098; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000099; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000100; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000101; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000102; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000103; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000104; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000105; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000106; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000107; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hpages.net",nocase; classtype:web-application-activity; sid:300000108; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"huge2upgradescentral.work",nocase; classtype:web-application-activity; sid:300000109; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"humansystemsecurity.top",nocase; classtype:web-application-activity; sid:300000110; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000114; rev:1;) @@ -143,276 +143,269 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataage.ru",nocase; classtype:web-application-activity; sid:300000136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataair.ru",nocase; classtype:web-application-activity; sid:300000137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataalt.ru",nocase; classtype:web-application-activity; sid:300000138; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.bar",nocase; classtype:web-application-activity; sid:300000139; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.club",nocase; classtype:web-application-activity; sid:300000140; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junesmile.xyz",nocase; classtype:web-application-activity; sid:300000141; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"keepinfit.net",nocase; classtype:web-application-activity; sid:300000142; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumna.xyz",nocase; classtype:web-application-activity; sid:300000143; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000144; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000145; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000146; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumne.xyz",nocase; classtype:web-application-activity; sid:300000147; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000148; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringa.xyz",nocase; classtype:web-application-activity; sid:300000149; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringb.xyz",nocase; classtype:web-application-activity; sid:300000150; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringc.xyz",nocase; classtype:web-application-activity; sid:300000151; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringd.xyz",nocase; classtype:web-application-activity; sid:300000152; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringe.xyz",nocase; classtype:web-application-activity; sid:300000153; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringf.xyz",nocase; classtype:web-application-activity; sid:300000154; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummera.xyz",nocase; classtype:web-application-activity; sid:300000155; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerc.xyz",nocase; classtype:web-application-activity; sid:300000156; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerd.xyz",nocase; classtype:web-application-activity; sid:300000157; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummere.xyz",nocase; classtype:web-application-activity; sid:300000158; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerf.xyz",nocase; classtype:web-application-activity; sid:300000159; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintera.xyz",nocase; classtype:web-application-activity; sid:300000160; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterb.xyz",nocase; classtype:web-application-activity; sid:300000161; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterc.xyz",nocase; classtype:web-application-activity; sid:300000162; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterd.xyz",nocase; classtype:web-application-activity; sid:300000163; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintere.xyz",nocase; classtype:web-application-activity; sid:300000164; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lackystack.net",nocase; classtype:web-application-activity; sid:300000165; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"link4updatingcentral.work",nocase; classtype:web-application-activity; sid:300000166; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"listenthisso.top",nocase; classtype:web-application-activity; sid:300000167; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lltrsknoob.click",nocase; classtype:web-application-activity; sid:300000168; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadadvancedextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000169; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadextremelycurrentthefile.vip",nocase; classtype:web-application-activity; sid:300000170; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadextremelyrecentthefile.vip",nocase; classtype:web-application-activity; sid:300000171; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadfree-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000172; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlynewestthefile.vip",nocase; classtype:web-application-activity; sid:300000173; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyoriginalthefile.vip",nocase; classtype:web-application-activity; sid:300000174; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000175; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyrenewedthefile.vip",nocase; classtype:web-application-activity; sid:300000176; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadhighlyadvancedthefile.vip",nocase; classtype:web-application-activity; sid:300000177; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyquickthefile.vip",nocase; classtype:web-application-activity; sid:300000178; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000179; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselystrongthefile.vip",nocase; classtype:web-application-activity; sid:300000180; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000181; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadnewestextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000182; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadnewestgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000183; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadoriginalextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000184; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadoriginalgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000185; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadpreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000186; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadprogressivegreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000187; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrecentextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000188; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrenewedgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000189; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadstrongintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000190; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadswiftintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000191; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"louisvillegigs.net",nocase; classtype:web-application-activity; sid:300000192; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loveorfun.cc",nocase; classtype:web-application-activity; sid:300000193; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000194; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckyworldwideprizerandom.rest",nocase; classtype:web-application-activity; sid:300000195; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"marketloans.net",nocase; classtype:web-application-activity; sid:300000196; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"matchyourgirl.online",nocase; classtype:web-application-activity; sid:300000197; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mazestation.games",nocase; classtype:web-application-activity; sid:300000198; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"media-cloud.ru",nocase; classtype:web-application-activity; sid:300000199; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaadvanced.ru",nocase; classtype:web-application-activity; sid:300000200; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"meeryslotspin.xyz",nocase; classtype:web-application-activity; sid:300000201; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1mountain.xyz",nocase; classtype:web-application-activity; sid:300000202; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1planet.xyz",nocase; classtype:web-application-activity; sid:300000203; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sea.xyz",nocase; classtype:web-application-activity; sid:300000204; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sky.xyz",nocase; classtype:web-application-activity; sid:300000205; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7volcano.xyz",nocase; classtype:web-application-activity; sid:300000206; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiacrater.xyz",nocase; classtype:web-application-activity; sid:300000207; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaocean.xyz",nocase; classtype:web-application-activity; sid:300000208; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaplanet.xyz",nocase; classtype:web-application-activity; sid:300000209; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiastar.xyz",nocase; classtype:web-application-activity; sid:300000210; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiavolcano.xyz",nocase; classtype:web-application-activity; sid:300000211; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobyfox.shop",nocase; classtype:web-application-activity; sid:300000212; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"money-hero.org",nocase; classtype:web-application-activity; sid:300000213; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000214; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newbuy.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000216; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000217; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"olivedinflats.space",nocase; classtype:web-application-activity; sid:300000218; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumna.xyz",nocase; classtype:web-application-activity; sid:300000219; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000220; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000221; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000222; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000223; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringa.xyz",nocase; classtype:web-application-activity; sid:300000224; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringb.xyz",nocase; classtype:web-application-activity; sid:300000225; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringc.xyz",nocase; classtype:web-application-activity; sid:300000226; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringd.xyz",nocase; classtype:web-application-activity; sid:300000227; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000228; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringf.xyz",nocase; classtype:web-application-activity; sid:300000229; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummera.xyz",nocase; classtype:web-application-activity; sid:300000230; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerc.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerd.xyz",nocase; classtype:web-application-activity; sid:300000232; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummere.xyz",nocase; classtype:web-application-activity; sid:300000233; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerf.xyz",nocase; classtype:web-application-activity; sid:300000234; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintera.xyz",nocase; classtype:web-application-activity; sid:300000235; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterb.xyz",nocase; classtype:web-application-activity; sid:300000236; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000237; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000238; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000239; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterf.xyz",nocase; classtype:web-application-activity; sid:300000240; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pcsecurity-live.xyz",nocase; classtype:web-application-activity; sid:300000241; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000242; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000243; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"peterhahn.be",nocase; classtype:web-application-activity; sid:300000244; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000245; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000246; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placesiteb.xyz",nocase; classtype:web-application-activity; sid:300000247; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000248; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000249; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000250; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000251; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000252; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000253; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000254; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000255; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspind.xyz",nocase; classtype:web-application-activity; sid:300000256; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000257; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringb.xyz",nocase; classtype:web-application-activity; sid:300000258; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringc.xyz",nocase; classtype:web-application-activity; sid:300000259; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringd.xyz",nocase; classtype:web-application-activity; sid:300000260; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringe.xyz",nocase; classtype:web-application-activity; sid:300000261; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummera.xyz",nocase; classtype:web-application-activity; sid:300000262; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerb.xyz",nocase; classtype:web-application-activity; sid:300000263; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerc.xyz",nocase; classtype:web-application-activity; sid:300000264; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummere.xyz",nocase; classtype:web-application-activity; sid:300000265; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerf.xyz",nocase; classtype:web-application-activity; sid:300000266; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintera.xyz",nocase; classtype:web-application-activity; sid:300000267; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterb.xyz",nocase; classtype:web-application-activity; sid:300000268; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterc.xyz",nocase; classtype:web-application-activity; sid:300000269; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterd.xyz",nocase; classtype:web-application-activity; sid:300000270; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintere.xyz",nocase; classtype:web-application-activity; sid:300000271; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterf.xyz",nocase; classtype:web-application-activity; sid:300000272; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ppploanchoices.site",nocase; classtype:web-application-activity; sid:300000273; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"press-news-for.me",nocase; classtype:web-application-activity; sid:300000274; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000275; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"producthunter.club",nocase; classtype:web-application-activity; sid:300000276; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitsurvey365.online",nocase; classtype:web-application-activity; sid:300000277; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"promotionclaim.rest",nocase; classtype:web-application-activity; sid:300000278; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"proprotect.me",nocase; classtype:web-application-activity; sid:300000279; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protect-ios.com",nocase; classtype:web-application-activity; sid:300000280; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"provpn.me",nocase; classtype:web-application-activity; sid:300000281; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prtctapp.me",nocase; classtype:web-application-activity; sid:300000282; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"qfind.net",nocase; classtype:web-application-activity; sid:300000283; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quizshein.shop",nocase; classtype:web-application-activity; sid:300000284; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rancy.xyz",nocase; classtype:web-application-activity; sid:300000285; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"real-buy.net",nocase; classtype:web-application-activity; sid:300000286; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardgivingrealspecialoffer.cyou",nocase; classtype:web-application-activity; sid:300000287; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000288; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000289; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safeguide.net",nocase; classtype:web-application-activity; sid:300000290; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000291; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seaplaytoo.top",nocase; classtype:web-application-activity; sid:300000292; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-exp.online",nocase; classtype:web-application-activity; sid:300000293; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000294; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000295; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000296; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000297; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchoffers.info",nocase; classtype:web-application-activity; sid:300000298; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"selectedlab.buzz",nocase; classtype:web-application-activity; sid:300000299; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000300; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000301; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000302; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000303; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"software-dealz.de",nocase; classtype:web-application-activity; sid:300000304; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-ocean.xyz",nocase; classtype:web-application-activity; sid:300000305; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-plains.xyz",nocase; classtype:web-application-activity; sid:300000306; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000307; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1coast.xyz",nocase; classtype:web-application-activity; sid:300000308; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1ocean.xyz",nocase; classtype:web-application-activity; sid:300000309; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic7sea.xyz",nocase; classtype:web-application-activity; sid:300000310; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonicacrater.xyz",nocase; classtype:web-application-activity; sid:300000311; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000312; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000313; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000314; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000315; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000316; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000317; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stogether.fun",nocase; classtype:web-application-activity; sid:300000318; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000319; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000320; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselysophisticatedthefile.vip",nocase; classtype:web-application-activity; sid:300000321; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streampreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000322; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000323; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamspeedyintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000324; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000325; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"summermedia.club",nocase; classtype:web-application-activity; sid:300000326; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sweetalt.ru",nocase; classtype:web-application-activity; sid:300000327; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sweetgirls.buzz",nocase; classtype:web-application-activity; sid:300000328; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccurrentmostthefile.vip",nocase; classtype:web-application-activity; sid:300000329; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatestintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000330; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncmostprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000331; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestmostthefile.vip",nocase; classtype:web-application-activity; sid:300000332; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestuberthefile.vip",nocase; classtype:web-application-activity; sid:300000333; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrecentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000334; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncubercurrentfiles.best",nocase; classtype:web-application-activity; sid:300000335; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syssysupdate.top",nocase; classtype:web-application-activity; sid:300000336; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000337; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thanksyoursupport.club",nocase; classtype:web-application-activity; sid:300000338; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-crater.xyz",nocase; classtype:web-application-activity; sid:300000339; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-sky.xyz",nocase; classtype:web-application-activity; sid:300000340; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-star.xyz",nocase; classtype:web-application-activity; sid:300000341; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1planet.xyz",nocase; classtype:web-application-activity; sid:300000342; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1star.xyz",nocase; classtype:web-application-activity; sid:300000343; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1volcano.xyz",nocase; classtype:web-application-activity; sid:300000344; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7coast.xyz",nocase; classtype:web-application-activity; sid:300000345; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7crater.xyz",nocase; classtype:web-application-activity; sid:300000346; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7plains.xyz",nocase; classtype:web-application-activity; sid:300000347; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7volcano.xyz",nocase; classtype:web-application-activity; sid:300000348; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000349; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theacrater.xyz",nocase; classtype:web-application-activity; sid:300000350; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theastar.xyz",nocase; classtype:web-application-activity; sid:300000351; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theavolcano.xyz",nocase; classtype:web-application-activity; sid:300000352; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thedealexpert.net",nocase; classtype:web-application-activity; sid:300000353; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theirproviderock.top",nocase; classtype:web-application-activity; sid:300000354; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000355; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timefornews.online",nocase; classtype:web-application-activity; sid:300000356; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timeoffers.net",nocase; classtype:web-application-activity; sid:300000357; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"top-offers2.club",nocase; classtype:web-application-activity; sid:300000358; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"topdating.online",nocase; classtype:web-application-activity; sid:300000359; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tracking-landers.xyz",nocase; classtype:web-application-activity; sid:300000360; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trotineo.fr",nocase; classtype:web-application-activity; sid:300000361; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"truecompassion.net",nocase; classtype:web-application-activity; sid:300000362; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatefix.xyz",nocase; classtype:web-application-activity; sid:300000363; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplaysite.xyz",nocase; classtype:web-application-activity; sid:300000364; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usepro.me",nocase; classtype:web-application-activity; sid:300000365; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"useprovpn.me",nocase; classtype:web-application-activity; sid:300000366; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usevpnpro.me",nocase; classtype:web-application-activity; sid:300000367; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usforeclosure.net",nocase; classtype:web-application-activity; sid:300000368; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videoau.ru",nocase; classtype:web-application-activity; sid:300000369; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videoauthor.ru",nocase; classtype:web-application-activity; sid:300000370; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videochanelace.ru",nocase; classtype:web-application-activity; sid:300000371; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videochanelact.ru",nocase; classtype:web-application-activity; sid:300000372; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videochanelair.ru",nocase; classtype:web-application-activity; sid:300000373; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videolookable.ru",nocase; classtype:web-application-activity; sid:300000374; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videolookace.ru",nocase; classtype:web-application-activity; sid:300000375; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videolookact.ru",nocase; classtype:web-application-activity; sid:300000376; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videolookalt.ru",nocase; classtype:web-application-activity; sid:300000377; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videomixable.ru",nocase; classtype:web-application-activity; sid:300000378; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videomixace.ru",nocase; classtype:web-application-activity; sid:300000379; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videomixact.ru",nocase; classtype:web-application-activity; sid:300000380; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videovoiceable.ru",nocase; classtype:web-application-activity; sid:300000381; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videovoiceace.ru",nocase; classtype:web-application-activity; sid:300000382; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"viralsharks.net",nocase; classtype:web-application-activity; sid:300000383; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn-pro.club",nocase; classtype:web-application-activity; sid:300000384; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnsecurity.me",nocase; classtype:web-application-activity; sid:300000385; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchextremely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000386; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000387; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchquick-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000388; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchrefined-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000389; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"web-security.ml",nocase; classtype:web-application-activity; sid:300000390; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000391; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000392; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1ocean.xyz",nocase; classtype:web-application-activity; sid:300000393; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1plains.xyz",nocase; classtype:web-application-activity; sid:300000394; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1sky.xyz",nocase; classtype:web-application-activity; sid:300000395; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1star.xyz",nocase; classtype:web-application-activity; sid:300000396; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000397; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westamountain.xyz",nocase; classtype:web-application-activity; sid:300000398; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaocean.xyz",nocase; classtype:web-application-activity; sid:300000399; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaplanet.xyz",nocase; classtype:web-application-activity; sid:300000400; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westasea.xyz",nocase; classtype:web-application-activity; sid:300000401; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westastar.xyz",nocase; classtype:web-application-activity; sid:300000402; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.icu",nocase; classtype:web-application-activity; sid:300000403; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000404; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"your-magazine.me",nocase; classtype:web-application-activity; sid:300000405; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000406; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000407; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourluckytoday.club",nocase; classtype:web-application-activity; sid:300000408; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000409; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000410; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zeusmedia.info",nocase; classtype:web-application-activity; sid:300000411; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.club",nocase; classtype:web-application-activity; sid:300000139; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junesmile.xyz",nocase; classtype:web-application-activity; sid:300000140; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumna.xyz",nocase; classtype:web-application-activity; sid:300000141; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000142; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000143; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000144; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumne.xyz",nocase; classtype:web-application-activity; sid:300000145; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000146; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringa.xyz",nocase; classtype:web-application-activity; sid:300000147; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringb.xyz",nocase; classtype:web-application-activity; sid:300000148; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringc.xyz",nocase; classtype:web-application-activity; sid:300000149; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringd.xyz",nocase; classtype:web-application-activity; sid:300000150; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringe.xyz",nocase; classtype:web-application-activity; sid:300000151; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringf.xyz",nocase; classtype:web-application-activity; sid:300000152; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummera.xyz",nocase; classtype:web-application-activity; sid:300000153; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerc.xyz",nocase; classtype:web-application-activity; sid:300000154; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerd.xyz",nocase; classtype:web-application-activity; sid:300000155; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummere.xyz",nocase; classtype:web-application-activity; sid:300000156; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerf.xyz",nocase; classtype:web-application-activity; sid:300000157; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintera.xyz",nocase; classtype:web-application-activity; sid:300000158; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterb.xyz",nocase; classtype:web-application-activity; sid:300000159; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterc.xyz",nocase; classtype:web-application-activity; sid:300000160; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterd.xyz",nocase; classtype:web-application-activity; sid:300000161; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintere.xyz",nocase; classtype:web-application-activity; sid:300000162; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"kompsos.uk",nocase; classtype:web-application-activity; sid:300000163; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lackystack.net",nocase; classtype:web-application-activity; sid:300000164; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"link4updatingcentral.work",nocase; classtype:web-application-activity; sid:300000165; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"listenthisso.top",nocase; classtype:web-application-activity; sid:300000166; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lltrsknoob.click",nocase; classtype:web-application-activity; sid:300000167; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadfree-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000168; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlynewestthefile.vip",nocase; classtype:web-application-activity; sid:300000169; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyoriginalthefile.vip",nocase; classtype:web-application-activity; sid:300000170; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000171; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyrenewedthefile.vip",nocase; classtype:web-application-activity; sid:300000172; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyquickthefile.vip",nocase; classtype:web-application-activity; sid:300000173; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000174; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselystrongthefile.vip",nocase; classtype:web-application-activity; sid:300000175; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000176; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadnewestgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000177; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadoriginalgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000178; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadpreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000179; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadprogressivegreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000180; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrenewedgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000181; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadstrongintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000182; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadswiftintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000183; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"louisvillegigs.net",nocase; classtype:web-application-activity; sid:300000184; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loveorfun.cc",nocase; classtype:web-application-activity; sid:300000185; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000186; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"luckyworldwideprizerandom.rest",nocase; classtype:web-application-activity; sid:300000187; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"marketloans.net",nocase; classtype:web-application-activity; sid:300000188; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"matchyourgirl.online",nocase; classtype:web-application-activity; sid:300000189; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mazestation.games",nocase; classtype:web-application-activity; sid:300000190; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"media-cloud.ru",nocase; classtype:web-application-activity; sid:300000191; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaadvanced.ru",nocase; classtype:web-application-activity; sid:300000192; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"meeryslotspin.xyz",nocase; classtype:web-application-activity; sid:300000193; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1mountain.xyz",nocase; classtype:web-application-activity; sid:300000194; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi1planet.xyz",nocase; classtype:web-application-activity; sid:300000195; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sea.xyz",nocase; classtype:web-application-activity; sid:300000196; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7sky.xyz",nocase; classtype:web-application-activity; sid:300000197; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobi7volcano.xyz",nocase; classtype:web-application-activity; sid:300000198; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiacrater.xyz",nocase; classtype:web-application-activity; sid:300000199; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaocean.xyz",nocase; classtype:web-application-activity; sid:300000200; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiaplanet.xyz",nocase; classtype:web-application-activity; sid:300000201; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiastar.xyz",nocase; classtype:web-application-activity; sid:300000202; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobiavolcano.xyz",nocase; classtype:web-application-activity; sid:300000203; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobyfox.shop",nocase; classtype:web-application-activity; sid:300000204; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"money-hero.org",nocase; classtype:web-application-activity; sid:300000205; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000206; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newbuy.xyz",nocase; classtype:web-application-activity; sid:300000207; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000208; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000209; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"olivedinflats.space",nocase; classtype:web-application-activity; sid:300000210; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumna.xyz",nocase; classtype:web-application-activity; sid:300000211; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000212; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000213; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000214; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringa.xyz",nocase; classtype:web-application-activity; sid:300000216; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringb.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringc.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringd.xyz",nocase; classtype:web-application-activity; sid:300000219; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000220; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringf.xyz",nocase; classtype:web-application-activity; sid:300000221; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummera.xyz",nocase; classtype:web-application-activity; sid:300000222; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerc.xyz",nocase; classtype:web-application-activity; sid:300000223; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerd.xyz",nocase; classtype:web-application-activity; sid:300000224; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummere.xyz",nocase; classtype:web-application-activity; sid:300000225; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerf.xyz",nocase; classtype:web-application-activity; sid:300000226; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintera.xyz",nocase; classtype:web-application-activity; sid:300000227; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterb.xyz",nocase; classtype:web-application-activity; sid:300000228; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000229; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000230; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterf.xyz",nocase; classtype:web-application-activity; sid:300000232; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pcsecurity-live.xyz",nocase; classtype:web-application-activity; sid:300000233; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000234; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000235; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"peterhahn.be",nocase; classtype:web-application-activity; sid:300000236; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000237; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000238; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placesiteb.xyz",nocase; classtype:web-application-activity; sid:300000239; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000240; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000241; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000242; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000243; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000244; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000245; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000246; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000247; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspind.xyz",nocase; classtype:web-application-activity; sid:300000248; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000249; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringb.xyz",nocase; classtype:web-application-activity; sid:300000250; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringc.xyz",nocase; classtype:web-application-activity; sid:300000251; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringd.xyz",nocase; classtype:web-application-activity; sid:300000252; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringe.xyz",nocase; classtype:web-application-activity; sid:300000253; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummera.xyz",nocase; classtype:web-application-activity; sid:300000254; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerb.xyz",nocase; classtype:web-application-activity; sid:300000255; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerc.xyz",nocase; classtype:web-application-activity; sid:300000256; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummere.xyz",nocase; classtype:web-application-activity; sid:300000257; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerf.xyz",nocase; classtype:web-application-activity; sid:300000258; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintera.xyz",nocase; classtype:web-application-activity; sid:300000259; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterb.xyz",nocase; classtype:web-application-activity; sid:300000260; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterc.xyz",nocase; classtype:web-application-activity; sid:300000261; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterd.xyz",nocase; classtype:web-application-activity; sid:300000262; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintere.xyz",nocase; classtype:web-application-activity; sid:300000263; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterf.xyz",nocase; classtype:web-application-activity; sid:300000264; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ppploanchoices.site",nocase; classtype:web-application-activity; sid:300000265; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"press-news-for.me",nocase; classtype:web-application-activity; sid:300000266; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000267; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"producthunter.club",nocase; classtype:web-application-activity; sid:300000268; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"profitsurvey365.online",nocase; classtype:web-application-activity; sid:300000269; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"promotionclaim.rest",nocase; classtype:web-application-activity; sid:300000270; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"proprotect.me",nocase; classtype:web-application-activity; sid:300000271; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protect-ios.com",nocase; classtype:web-application-activity; sid:300000272; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"provpn.me",nocase; classtype:web-application-activity; sid:300000273; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prtctapp.me",nocase; classtype:web-application-activity; sid:300000274; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"qfind.net",nocase; classtype:web-application-activity; sid:300000275; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quizshein.shop",nocase; classtype:web-application-activity; sid:300000276; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rancy.xyz",nocase; classtype:web-application-activity; sid:300000277; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"real-buy.net",nocase; classtype:web-application-activity; sid:300000278; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardgivingrealspecialoffer.cyou",nocase; classtype:web-application-activity; sid:300000279; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"richsurvey.live",nocase; classtype:web-application-activity; sid:300000280; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000281; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000282; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safeguide.net",nocase; classtype:web-application-activity; sid:300000283; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000284; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seaplaytoo.top",nocase; classtype:web-application-activity; sid:300000285; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-exp.online",nocase; classtype:web-application-activity; sid:300000286; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000287; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000288; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000289; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000290; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchoffers.info",nocase; classtype:web-application-activity; sid:300000291; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"selectedlab.buzz",nocase; classtype:web-application-activity; sid:300000292; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000293; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000294; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000295; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000296; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-ocean.xyz",nocase; classtype:web-application-activity; sid:300000297; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic-plains.xyz",nocase; classtype:web-application-activity; sid:300000298; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000299; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1coast.xyz",nocase; classtype:web-application-activity; sid:300000300; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic1ocean.xyz",nocase; classtype:web-application-activity; sid:300000301; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonic7sea.xyz",nocase; classtype:web-application-activity; sid:300000302; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sonicacrater.xyz",nocase; classtype:web-application-activity; sid:300000303; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000304; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000305; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000306; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000307; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000308; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000309; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stogether.fun",nocase; classtype:web-application-activity; sid:300000310; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000311; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000312; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselysophisticatedthefile.vip",nocase; classtype:web-application-activity; sid:300000313; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streampreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000314; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000315; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamspeedyintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000316; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000317; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"summermedia.club",nocase; classtype:web-application-activity; sid:300000318; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sweetalt.ru",nocase; classtype:web-application-activity; sid:300000319; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sweetgirls.buzz",nocase; classtype:web-application-activity; sid:300000320; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccurrentmostthefile.vip",nocase; classtype:web-application-activity; sid:300000321; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatestintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000322; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncmostprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000323; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestmostthefile.vip",nocase; classtype:web-application-activity; sid:300000324; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestuberthefile.vip",nocase; classtype:web-application-activity; sid:300000325; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrecentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000326; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncubercurrentfiles.best",nocase; classtype:web-application-activity; sid:300000327; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syssysupdate.top",nocase; classtype:web-application-activity; sid:300000328; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000329; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thanksyoursupport.club",nocase; classtype:web-application-activity; sid:300000330; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-crater.xyz",nocase; classtype:web-application-activity; sid:300000331; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-sky.xyz",nocase; classtype:web-application-activity; sid:300000332; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the-star.xyz",nocase; classtype:web-application-activity; sid:300000333; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1planet.xyz",nocase; classtype:web-application-activity; sid:300000334; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1star.xyz",nocase; classtype:web-application-activity; sid:300000335; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the1volcano.xyz",nocase; classtype:web-application-activity; sid:300000336; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7coast.xyz",nocase; classtype:web-application-activity; sid:300000337; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7crater.xyz",nocase; classtype:web-application-activity; sid:300000338; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7plains.xyz",nocase; classtype:web-application-activity; sid:300000339; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"the7volcano.xyz",nocase; classtype:web-application-activity; sid:300000340; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000341; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theacrater.xyz",nocase; classtype:web-application-activity; sid:300000342; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theastar.xyz",nocase; classtype:web-application-activity; sid:300000343; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theavolcano.xyz",nocase; classtype:web-application-activity; sid:300000344; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thedealexpert.net",nocase; classtype:web-application-activity; sid:300000345; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theirproviderock.top",nocase; classtype:web-application-activity; sid:300000346; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000347; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timefornews.online",nocase; classtype:web-application-activity; sid:300000348; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"top-offers2.club",nocase; classtype:web-application-activity; sid:300000349; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"topdating.online",nocase; classtype:web-application-activity; sid:300000350; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tracking-landers.xyz",nocase; classtype:web-application-activity; sid:300000351; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trotineo.fr",nocase; classtype:web-application-activity; sid:300000352; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"truecompassion.net",nocase; classtype:web-application-activity; sid:300000353; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatefix.xyz",nocase; classtype:web-application-activity; sid:300000354; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updateview.tech",nocase; classtype:web-application-activity; sid:300000355; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplaysite.xyz",nocase; classtype:web-application-activity; sid:300000356; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usepro.me",nocase; classtype:web-application-activity; sid:300000357; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"useprovpn.me",nocase; classtype:web-application-activity; sid:300000358; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usevpnpro.me",nocase; classtype:web-application-activity; sid:300000359; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usforeclosure.net",nocase; classtype:web-application-activity; sid:300000360; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videoau.ru",nocase; classtype:web-application-activity; sid:300000361; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videoauthor.ru",nocase; classtype:web-application-activity; sid:300000362; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videochanelace.ru",nocase; classtype:web-application-activity; sid:300000363; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videochanelact.ru",nocase; classtype:web-application-activity; sid:300000364; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videochanelair.ru",nocase; classtype:web-application-activity; sid:300000365; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videolookable.ru",nocase; classtype:web-application-activity; sid:300000366; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videolookace.ru",nocase; classtype:web-application-activity; sid:300000367; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videolookact.ru",nocase; classtype:web-application-activity; sid:300000368; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videolookalt.ru",nocase; classtype:web-application-activity; sid:300000369; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videomixable.ru",nocase; classtype:web-application-activity; sid:300000370; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videomixace.ru",nocase; classtype:web-application-activity; sid:300000371; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videomixact.ru",nocase; classtype:web-application-activity; sid:300000372; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videovoiceable.ru",nocase; classtype:web-application-activity; sid:300000373; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"videovoiceace.ru",nocase; classtype:web-application-activity; sid:300000374; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"viralsharks.net",nocase; classtype:web-application-activity; sid:300000375; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn-pro.club",nocase; classtype:web-application-activity; sid:300000376; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnsecurity.me",nocase; classtype:web-application-activity; sid:300000377; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wallda.site",nocase; classtype:web-application-activity; sid:300000378; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchextremely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000379; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000380; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchquick-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000381; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchrefined-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000382; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"web-security.ml",nocase; classtype:web-application-activity; sid:300000383; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000384; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1asteroid.xyz",nocase; classtype:web-application-activity; sid:300000385; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1ocean.xyz",nocase; classtype:web-application-activity; sid:300000386; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1plains.xyz",nocase; classtype:web-application-activity; sid:300000387; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1sky.xyz",nocase; classtype:web-application-activity; sid:300000388; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"west1star.xyz",nocase; classtype:web-application-activity; sid:300000389; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaasteroid.xyz",nocase; classtype:web-application-activity; sid:300000390; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westamountain.xyz",nocase; classtype:web-application-activity; sid:300000391; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaocean.xyz",nocase; classtype:web-application-activity; sid:300000392; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westaplanet.xyz",nocase; classtype:web-application-activity; sid:300000393; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westasea.xyz",nocase; classtype:web-application-activity; sid:300000394; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"westastar.xyz",nocase; classtype:web-application-activity; sid:300000395; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.icu",nocase; classtype:web-application-activity; sid:300000396; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000397; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000398; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000399; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourluckytoday.club",nocase; classtype:web-application-activity; sid:300000400; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000401; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000402; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zalando-prive.es",nocase; classtype:web-application-activity; sid:300000403; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"zeusmedia.info",nocase; classtype:web-application-activity; sid:300000404; rev:1;) diff --git a/dist/pup-filter-suricata.rules b/dist/pup-filter-suricata.rules index 032f4cb..434d5f1 100644 --- a/dist/pup-filter-suricata.rules +++ b/dist/pup-filter-suricata.rules @@ -1,64 +1,64 @@ # Title: PUP Domains Suricata Ruleset # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2021travel.net"; classtype:web-application-activity; sid:300000001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4upgradingstablesafe.work"; classtype:web-application-activity; sid:300000002; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adslauchgo.xyz"; classtype:web-application-activity; sid:300000003; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"affiliateland.io"; classtype:web-application-activity; sid:300000004; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000005; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000006; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000007; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000008; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atwater.org"; classtype:web-application-activity; sid:300000009; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000010; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000011; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000012; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000013; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000016; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beautinow.nl"; classtype:web-application-activity; sid:300000017; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000018; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000019; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000020; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000021; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upcompletely-bestprecisefile.best"; classtype:web-application-activity; sid:300000022; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upcompletely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000023; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upfree-bestuberfile.best"; classtype:web-application-activity; sid:300000024; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000025; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000026; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-uprenewed-bestuberfile.best"; classtype:web-application-activity; sid:300000027; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000028; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upuber-bestfreefile.best"; classtype:web-application-activity; sid:300000029; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightlifestyle.org"; classtype:web-application-activity; sid:300000030; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000031; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-planet.xyz"; classtype:web-application-activity; sid:300000032; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1plains.xyz"; classtype:web-application-activity; sid:300000033; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1sky.xyz"; classtype:web-application-activity; sid:300000034; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1star.xyz"; classtype:web-application-activity; sid:300000035; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7mountain.xyz"; classtype:web-application-activity; sid:300000036; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7ocean.xyz"; classtype:web-application-activity; sid:300000037; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7planet.xyz"; classtype:web-application-activity; sid:300000038; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7sky.xyz"; classtype:web-application-activity; sid:300000039; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeracoast.xyz"; classtype:web-application-activity; sid:300000040; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeramountain.xyz"; classtype:web-application-activity; sid:300000041; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centerastar.xyz"; classtype:web-application-activity; sid:300000042; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeravolcano.xyz"; classtype:web-application-activity; sid:300000043; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chatverse.net"; classtype:web-application-activity; sid:300000044; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkstableaupdatinglinks.work"; classtype:web-application-activity; sid:300000045; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chipovysta.pro"; classtype:web-application-activity; sid:300000046; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimrewards.rest"; classtype:web-application-activity; sid:300000047; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coatofarms.nyc"; classtype:web-application-activity; sid:300000048; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connecttheupgradingurls.work"; classtype:web-application-activity; sid:300000049; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000050; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000051; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000052; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000053; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"craftstash.us"; classtype:web-application-activity; sid:300000054; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abcscience.xyz"; classtype:web-application-activity; sid:300000003; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adslauchgo.xyz"; classtype:web-application-activity; sid:300000004; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"affiliateland.io"; classtype:web-application-activity; sid:300000005; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000006; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000007; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000008; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000009; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atwater.org"; classtype:web-application-activity; sid:300000010; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000011; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000012; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000013; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000014; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000015; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-cars-for-seniors-ok.live"; classtype:web-application-activity; sid:300000016; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000017; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beautinow.nl"; classtype:web-application-activity; sid:300000018; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"beinspired.global"; classtype:web-application-activity; sid:300000019; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bkk755.biz"; classtype:web-application-activity; sid:300000020; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bleu-bonheur.fr"; classtype:web-application-activity; sid:300000021; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bluetiger.cloud"; classtype:web-application-activity; sid:300000022; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upcompletely-bestprecisefile.best"; classtype:web-application-activity; sid:300000023; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upcompletely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000024; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upfree-bestuberfile.best"; classtype:web-application-activity; sid:300000025; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestquickfile.best"; classtype:web-application-activity; sid:300000026; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upheavily-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000027; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-uprenewed-bestuberfile.best"; classtype:web-application-activity; sid:300000028; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upsophisticated-bestoverlyfile.best"; classtype:web-application-activity; sid:300000029; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"boot-upuber-bestfreefile.best"; classtype:web-application-activity; sid:300000030; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"brightlifestyle.org"; classtype:web-application-activity; sid:300000031; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-plains.xyz"; classtype:web-application-activity; sid:300000032; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center-planet.xyz"; classtype:web-application-activity; sid:300000033; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1plains.xyz"; classtype:web-application-activity; sid:300000034; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1sky.xyz"; classtype:web-application-activity; sid:300000035; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center1star.xyz"; classtype:web-application-activity; sid:300000036; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7mountain.xyz"; classtype:web-application-activity; sid:300000037; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7ocean.xyz"; classtype:web-application-activity; sid:300000038; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7planet.xyz"; classtype:web-application-activity; sid:300000039; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"center7sky.xyz"; classtype:web-application-activity; sid:300000040; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeracoast.xyz"; classtype:web-application-activity; sid:300000041; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeramountain.xyz"; classtype:web-application-activity; sid:300000042; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centerastar.xyz"; classtype:web-application-activity; sid:300000043; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centeravolcano.xyz"; classtype:web-application-activity; sid:300000044; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chatverse.net"; classtype:web-application-activity; sid:300000045; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"checkstableaupdatinglinks.work"; classtype:web-application-activity; sid:300000046; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"chipovysta.pro"; classtype:web-application-activity; sid:300000047; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"claimrewards.rest"; classtype:web-application-activity; sid:300000048; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coatofarms.nyc"; classtype:web-application-activity; sid:300000049; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"connecttheupgradingurls.work"; classtype:web-application-activity; sid:300000050; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000051; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000052; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000053; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crowdweightyellow.top"; classtype:web-application-activity; sid:300000057; rev:1;) @@ -94,28 +94,28 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastwebb.xyz"; classtype:web-application-activity; sid:300000087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findaupgradingurls.work"; classtype:web-application-activity; sid:300000088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finditquick.online"; classtype:web-application-activity; sid:300000089; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fireapps.cloud"; classtype:web-application-activity; sid:300000090; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flash-rewards.info"; classtype:web-application-activity; sid:300000091; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funanime.me"; classtype:web-application-activity; sid:300000092; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funny-media.ru"; classtype:web-application-activity; sid:300000093; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000094; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000095; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"get-your-score.club"; classtype:web-application-activity; sid:300000096; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gettheraiceheadreliefhat.io"; classtype:web-application-activity; sid:300000097; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000098; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000099; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000100; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000101; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000102; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000103; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000104; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000105; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000106; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpages.net"; classtype:web-application-activity; sid:300000107; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huge2upgradescentral.work"; classtype:web-application-activity; sid:300000108; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"humansystemsecurity.top"; classtype:web-application-activity; sid:300000109; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000110; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incing-marganic.icu"; classtype:web-application-activity; sid:300000111; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finreporter.net"; classtype:web-application-activity; sid:300000090; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fireapps.cloud"; classtype:web-application-activity; sid:300000091; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flash-rewards.info"; classtype:web-application-activity; sid:300000092; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funanime.me"; classtype:web-application-activity; sid:300000093; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funny-media.ru"; classtype:web-application-activity; sid:300000094; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000095; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000096; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"get-your-score.club"; classtype:web-application-activity; sid:300000097; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gettheraiceheadreliefhat.io"; classtype:web-application-activity; sid:300000098; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000099; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000100; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000101; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000102; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000103; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000104; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000105; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000106; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000107; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpages.net"; classtype:web-application-activity; sid:300000108; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"huge2upgradescentral.work"; classtype:web-application-activity; sid:300000109; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"humansystemsecurity.top"; classtype:web-application-activity; sid:300000110; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprecisethefile.vip"; classtype:web-application-activity; sid:300000112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprogressivethefile.vip"; classtype:web-application-activity; sid:300000113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyspeedythefile.vip"; classtype:web-application-activity; sid:300000114; rev:1;) @@ -143,276 +143,269 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataage.ru"; classtype:web-application-activity; sid:300000136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataair.ru"; classtype:web-application-activity; sid:300000137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataalt.ru"; classtype:web-application-activity; sid:300000138; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.bar"; classtype:web-application-activity; sid:300000139; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.club"; classtype:web-application-activity; sid:300000140; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junesmile.xyz"; classtype:web-application-activity; sid:300000141; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keepinfit.net"; classtype:web-application-activity; sid:300000142; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumna.xyz"; classtype:web-application-activity; sid:300000143; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnb.xyz"; classtype:web-application-activity; sid:300000144; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnc.xyz"; classtype:web-application-activity; sid:300000145; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnd.xyz"; classtype:web-application-activity; sid:300000146; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumne.xyz"; classtype:web-application-activity; sid:300000147; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnf.xyz"; classtype:web-application-activity; sid:300000148; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringa.xyz"; classtype:web-application-activity; sid:300000149; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringb.xyz"; classtype:web-application-activity; sid:300000150; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringc.xyz"; classtype:web-application-activity; sid:300000151; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringd.xyz"; classtype:web-application-activity; sid:300000152; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringe.xyz"; classtype:web-application-activity; sid:300000153; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringf.xyz"; classtype:web-application-activity; sid:300000154; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummera.xyz"; classtype:web-application-activity; sid:300000155; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerc.xyz"; classtype:web-application-activity; sid:300000156; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerd.xyz"; classtype:web-application-activity; sid:300000157; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummere.xyz"; classtype:web-application-activity; sid:300000158; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerf.xyz"; classtype:web-application-activity; sid:300000159; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintera.xyz"; classtype:web-application-activity; sid:300000160; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterb.xyz"; classtype:web-application-activity; sid:300000161; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterc.xyz"; classtype:web-application-activity; sid:300000162; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterd.xyz"; classtype:web-application-activity; sid:300000163; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintere.xyz"; classtype:web-application-activity; sid:300000164; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lackystack.net"; classtype:web-application-activity; sid:300000165; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"link4updatingcentral.work"; classtype:web-application-activity; sid:300000166; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"listenthisso.top"; classtype:web-application-activity; sid:300000167; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lltrsknoob.click"; classtype:web-application-activity; sid:300000168; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadadvancedextremelythefile.vip"; classtype:web-application-activity; sid:300000169; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadextremelycurrentthefile.vip"; classtype:web-application-activity; sid:300000170; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadextremelyrecentthefile.vip"; classtype:web-application-activity; sid:300000171; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadfree-bestheavilyfile.best"; classtype:web-application-activity; sid:300000172; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlynewestthefile.vip"; classtype:web-application-activity; sid:300000173; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyoriginalthefile.vip"; classtype:web-application-activity; sid:300000174; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyprogressivethefile.vip"; classtype:web-application-activity; sid:300000175; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyrenewedthefile.vip"; classtype:web-application-activity; sid:300000176; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadhighlyadvancedthefile.vip"; classtype:web-application-activity; sid:300000177; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyquickthefile.vip"; classtype:web-application-activity; sid:300000178; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyspeedythefile.vip"; classtype:web-application-activity; sid:300000179; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselystrongthefile.vip"; classtype:web-application-activity; sid:300000180; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyswiftthefile.vip"; classtype:web-application-activity; sid:300000181; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadnewestextremelythefile.vip"; classtype:web-application-activity; sid:300000182; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadnewestgreatlythefile.vip"; classtype:web-application-activity; sid:300000183; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadoriginalextremelythefile.vip"; classtype:web-application-activity; sid:300000184; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadoriginalgreatlythefile.vip"; classtype:web-application-activity; sid:300000185; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadpreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000186; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadprogressivegreatlythefile.vip"; classtype:web-application-activity; sid:300000187; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrecentextremelythefile.vip"; classtype:web-application-activity; sid:300000188; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrenewedgreatlythefile.vip"; classtype:web-application-activity; sid:300000189; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadstrongintenselythefile.vip"; classtype:web-application-activity; sid:300000190; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadswiftintenselythefile.vip"; classtype:web-application-activity; sid:300000191; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"louisvillegigs.net"; classtype:web-application-activity; sid:300000192; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000193; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000194; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckyworldwideprizerandom.rest"; classtype:web-application-activity; sid:300000195; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketloans.net"; classtype:web-application-activity; sid:300000196; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matchyourgirl.online"; classtype:web-application-activity; sid:300000197; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mazestation.games"; classtype:web-application-activity; sid:300000198; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"media-cloud.ru"; classtype:web-application-activity; sid:300000199; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaadvanced.ru"; classtype:web-application-activity; sid:300000200; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeryslotspin.xyz"; classtype:web-application-activity; sid:300000201; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1mountain.xyz"; classtype:web-application-activity; sid:300000202; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1planet.xyz"; classtype:web-application-activity; sid:300000203; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sea.xyz"; classtype:web-application-activity; sid:300000204; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sky.xyz"; classtype:web-application-activity; sid:300000205; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7volcano.xyz"; classtype:web-application-activity; sid:300000206; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiacrater.xyz"; classtype:web-application-activity; sid:300000207; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaocean.xyz"; classtype:web-application-activity; sid:300000208; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaplanet.xyz"; classtype:web-application-activity; sid:300000209; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiastar.xyz"; classtype:web-application-activity; sid:300000210; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiavolcano.xyz"; classtype:web-application-activity; sid:300000211; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobyfox.shop"; classtype:web-application-activity; sid:300000212; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"money-hero.org"; classtype:web-application-activity; sid:300000213; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000214; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newbuy.xyz"; classtype:web-application-activity; sid:300000215; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000216; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000217; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olivedinflats.space"; classtype:web-application-activity; sid:300000218; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumna.xyz"; classtype:web-application-activity; sid:300000219; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnb.xyz"; classtype:web-application-activity; sid:300000220; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnc.xyz"; classtype:web-application-activity; sid:300000221; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnd.xyz"; classtype:web-application-activity; sid:300000222; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnf.xyz"; classtype:web-application-activity; sid:300000223; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringa.xyz"; classtype:web-application-activity; sid:300000224; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringb.xyz"; classtype:web-application-activity; sid:300000225; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringc.xyz"; classtype:web-application-activity; sid:300000226; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringd.xyz"; classtype:web-application-activity; sid:300000227; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000228; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringf.xyz"; classtype:web-application-activity; sid:300000229; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummera.xyz"; classtype:web-application-activity; sid:300000230; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerc.xyz"; classtype:web-application-activity; sid:300000231; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerd.xyz"; classtype:web-application-activity; sid:300000232; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummere.xyz"; classtype:web-application-activity; sid:300000233; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerf.xyz"; classtype:web-application-activity; sid:300000234; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintera.xyz"; classtype:web-application-activity; sid:300000235; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterb.xyz"; classtype:web-application-activity; sid:300000236; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000237; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000238; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000239; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterf.xyz"; classtype:web-application-activity; sid:300000240; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcsecurity-live.xyz"; classtype:web-application-activity; sid:300000241; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyspeedythefile.vip"; classtype:web-application-activity; sid:300000242; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyswiftthefile.vip"; classtype:web-application-activity; sid:300000243; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peterhahn.be"; classtype:web-application-activity; sid:300000244; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000245; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000246; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000247; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000248; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000249; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000250; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000251; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000252; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000253; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000254; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000255; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspind.xyz"; classtype:web-application-activity; sid:300000256; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000257; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringb.xyz"; classtype:web-application-activity; sid:300000258; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringc.xyz"; classtype:web-application-activity; sid:300000259; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringd.xyz"; classtype:web-application-activity; sid:300000260; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringe.xyz"; classtype:web-application-activity; sid:300000261; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummera.xyz"; classtype:web-application-activity; sid:300000262; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerb.xyz"; classtype:web-application-activity; sid:300000263; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerc.xyz"; classtype:web-application-activity; sid:300000264; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummere.xyz"; classtype:web-application-activity; sid:300000265; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerf.xyz"; classtype:web-application-activity; sid:300000266; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintera.xyz"; classtype:web-application-activity; sid:300000267; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterb.xyz"; classtype:web-application-activity; sid:300000268; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterc.xyz"; classtype:web-application-activity; sid:300000269; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterd.xyz"; classtype:web-application-activity; sid:300000270; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintere.xyz"; classtype:web-application-activity; sid:300000271; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterf.xyz"; classtype:web-application-activity; sid:300000272; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppploanchoices.site"; classtype:web-application-activity; sid:300000273; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"press-news-for.me"; classtype:web-application-activity; sid:300000274; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000275; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"producthunter.club"; classtype:web-application-activity; sid:300000276; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitsurvey365.online"; classtype:web-application-activity; sid:300000277; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promotionclaim.rest"; classtype:web-application-activity; sid:300000278; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proprotect.me"; classtype:web-application-activity; sid:300000279; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-ios.com"; classtype:web-application-activity; sid:300000280; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provpn.me"; classtype:web-application-activity; sid:300000281; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prtctapp.me"; classtype:web-application-activity; sid:300000282; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qfind.net"; classtype:web-application-activity; sid:300000283; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quizshein.shop"; classtype:web-application-activity; sid:300000284; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rancy.xyz"; classtype:web-application-activity; sid:300000285; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"real-buy.net"; classtype:web-application-activity; sid:300000286; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardgivingrealspecialoffer.cyou"; classtype:web-application-activity; sid:300000287; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000288; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000289; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safeguide.net"; classtype:web-application-activity; sid:300000290; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000291; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seaplaytoo.top"; classtype:web-application-activity; sid:300000292; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-exp.online"; classtype:web-application-activity; sid:300000293; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000294; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000295; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000296; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000297; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchoffers.info"; classtype:web-application-activity; sid:300000298; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selectedlab.buzz"; classtype:web-application-activity; sid:300000299; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000300; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000301; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000302; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000303; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"software-dealz.de"; classtype:web-application-activity; sid:300000304; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-ocean.xyz"; classtype:web-application-activity; sid:300000305; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-plains.xyz"; classtype:web-application-activity; sid:300000306; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1asteroid.xyz"; classtype:web-application-activity; sid:300000307; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1coast.xyz"; classtype:web-application-activity; sid:300000308; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1ocean.xyz"; classtype:web-application-activity; sid:300000309; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic7sea.xyz"; classtype:web-application-activity; sid:300000310; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonicacrater.xyz"; classtype:web-application-activity; sid:300000311; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000312; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000313; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000314; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000315; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000316; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000317; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stogether.fun"; classtype:web-application-activity; sid:300000318; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000319; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000320; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselysophisticatedthefile.vip"; classtype:web-application-activity; sid:300000321; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streampreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000322; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestuberfile.best"; classtype:web-application-activity; sid:300000323; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamspeedyintenselythefile.vip"; classtype:web-application-activity; sid:300000324; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000325; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"summermedia.club"; classtype:web-application-activity; sid:300000326; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sweetalt.ru"; classtype:web-application-activity; sid:300000327; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sweetgirls.buzz"; classtype:web-application-activity; sid:300000328; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccurrentmostthefile.vip"; classtype:web-application-activity; sid:300000329; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatestintenselythefile.vip"; classtype:web-application-activity; sid:300000330; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmostprecisethefile.vip"; classtype:web-application-activity; sid:300000331; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestmostthefile.vip"; classtype:web-application-activity; sid:300000332; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestuberthefile.vip"; classtype:web-application-activity; sid:300000333; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrecentintenselythefile.vip"; classtype:web-application-activity; sid:300000334; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncubercurrentfiles.best"; classtype:web-application-activity; sid:300000335; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syssysupdate.top"; classtype:web-application-activity; sid:300000336; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000337; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thanksyoursupport.club"; classtype:web-application-activity; sid:300000338; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-crater.xyz"; classtype:web-application-activity; sid:300000339; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-sky.xyz"; classtype:web-application-activity; sid:300000340; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-star.xyz"; classtype:web-application-activity; sid:300000341; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1planet.xyz"; classtype:web-application-activity; sid:300000342; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1star.xyz"; classtype:web-application-activity; sid:300000343; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1volcano.xyz"; classtype:web-application-activity; sid:300000344; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7coast.xyz"; classtype:web-application-activity; sid:300000345; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7crater.xyz"; classtype:web-application-activity; sid:300000346; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7plains.xyz"; classtype:web-application-activity; sid:300000347; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7volcano.xyz"; classtype:web-application-activity; sid:300000348; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaasteroid.xyz"; classtype:web-application-activity; sid:300000349; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theacrater.xyz"; classtype:web-application-activity; sid:300000350; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theastar.xyz"; classtype:web-application-activity; sid:300000351; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theavolcano.xyz"; classtype:web-application-activity; sid:300000352; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thedealexpert.net"; classtype:web-application-activity; sid:300000353; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theirproviderock.top"; classtype:web-application-activity; sid:300000354; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000355; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timefornews.online"; classtype:web-application-activity; sid:300000356; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timeoffers.net"; classtype:web-application-activity; sid:300000357; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top-offers2.club"; classtype:web-application-activity; sid:300000358; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topdating.online"; classtype:web-application-activity; sid:300000359; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tracking-landers.xyz"; classtype:web-application-activity; sid:300000360; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trotineo.fr"; classtype:web-application-activity; sid:300000361; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"truecompassion.net"; classtype:web-application-activity; sid:300000362; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatefix.xyz"; classtype:web-application-activity; sid:300000363; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplaysite.xyz"; classtype:web-application-activity; sid:300000364; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usepro.me"; classtype:web-application-activity; sid:300000365; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"useprovpn.me"; classtype:web-application-activity; sid:300000366; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usevpnpro.me"; classtype:web-application-activity; sid:300000367; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usforeclosure.net"; classtype:web-application-activity; sid:300000368; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videoau.ru"; classtype:web-application-activity; sid:300000369; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videoauthor.ru"; classtype:web-application-activity; sid:300000370; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videochanelace.ru"; classtype:web-application-activity; sid:300000371; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videochanelact.ru"; classtype:web-application-activity; sid:300000372; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videochanelair.ru"; classtype:web-application-activity; sid:300000373; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videolookable.ru"; classtype:web-application-activity; sid:300000374; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videolookace.ru"; classtype:web-application-activity; sid:300000375; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videolookact.ru"; classtype:web-application-activity; sid:300000376; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videolookalt.ru"; classtype:web-application-activity; sid:300000377; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videomixable.ru"; classtype:web-application-activity; sid:300000378; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videomixace.ru"; classtype:web-application-activity; sid:300000379; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videomixact.ru"; classtype:web-application-activity; sid:300000380; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videovoiceable.ru"; classtype:web-application-activity; sid:300000381; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videovoiceace.ru"; classtype:web-application-activity; sid:300000382; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viralsharks.net"; classtype:web-application-activity; sid:300000383; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn-pro.club"; classtype:web-application-activity; sid:300000384; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnsecurity.me"; classtype:web-application-activity; sid:300000385; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchextremely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000386; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000387; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchquick-bestheavilyfile.best"; classtype:web-application-activity; sid:300000388; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchrefined-bestextremelyfile.best"; classtype:web-application-activity; sid:300000389; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-security.ml"; classtype:web-application-activity; sid:300000390; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000391; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1asteroid.xyz"; classtype:web-application-activity; sid:300000392; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1ocean.xyz"; classtype:web-application-activity; sid:300000393; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1plains.xyz"; classtype:web-application-activity; sid:300000394; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1sky.xyz"; classtype:web-application-activity; sid:300000395; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1star.xyz"; classtype:web-application-activity; sid:300000396; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaasteroid.xyz"; classtype:web-application-activity; sid:300000397; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westamountain.xyz"; classtype:web-application-activity; sid:300000398; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaocean.xyz"; classtype:web-application-activity; sid:300000399; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaplanet.xyz"; classtype:web-application-activity; sid:300000400; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westasea.xyz"; classtype:web-application-activity; sid:300000401; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westastar.xyz"; classtype:web-application-activity; sid:300000402; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.icu"; classtype:web-application-activity; sid:300000403; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000404; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"your-magazine.me"; classtype:web-application-activity; sid:300000405; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000406; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000407; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourluckytoday.club"; classtype:web-application-activity; sid:300000408; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000409; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000410; rev:1;) -alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zeusmedia.info"; classtype:web-application-activity; sid:300000411; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.club"; classtype:web-application-activity; sid:300000139; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junesmile.xyz"; classtype:web-application-activity; sid:300000140; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumna.xyz"; classtype:web-application-activity; sid:300000141; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnb.xyz"; classtype:web-application-activity; sid:300000142; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnc.xyz"; classtype:web-application-activity; sid:300000143; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnd.xyz"; classtype:web-application-activity; sid:300000144; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumne.xyz"; classtype:web-application-activity; sid:300000145; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnf.xyz"; classtype:web-application-activity; sid:300000146; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringa.xyz"; classtype:web-application-activity; sid:300000147; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringb.xyz"; classtype:web-application-activity; sid:300000148; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringc.xyz"; classtype:web-application-activity; sid:300000149; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringd.xyz"; classtype:web-application-activity; sid:300000150; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringe.xyz"; classtype:web-application-activity; sid:300000151; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringf.xyz"; classtype:web-application-activity; sid:300000152; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummera.xyz"; classtype:web-application-activity; sid:300000153; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerc.xyz"; classtype:web-application-activity; sid:300000154; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerd.xyz"; classtype:web-application-activity; sid:300000155; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummere.xyz"; classtype:web-application-activity; sid:300000156; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerf.xyz"; classtype:web-application-activity; sid:300000157; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintera.xyz"; classtype:web-application-activity; sid:300000158; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterb.xyz"; classtype:web-application-activity; sid:300000159; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterc.xyz"; classtype:web-application-activity; sid:300000160; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterd.xyz"; classtype:web-application-activity; sid:300000161; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintere.xyz"; classtype:web-application-activity; sid:300000162; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kompsos.uk"; classtype:web-application-activity; sid:300000163; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lackystack.net"; classtype:web-application-activity; sid:300000164; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"link4updatingcentral.work"; classtype:web-application-activity; sid:300000165; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"listenthisso.top"; classtype:web-application-activity; sid:300000166; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lltrsknoob.click"; classtype:web-application-activity; sid:300000167; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadfree-bestheavilyfile.best"; classtype:web-application-activity; sid:300000168; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlynewestthefile.vip"; classtype:web-application-activity; sid:300000169; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyoriginalthefile.vip"; classtype:web-application-activity; sid:300000170; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyprogressivethefile.vip"; classtype:web-application-activity; sid:300000171; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyrenewedthefile.vip"; classtype:web-application-activity; sid:300000172; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyquickthefile.vip"; classtype:web-application-activity; sid:300000173; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyspeedythefile.vip"; classtype:web-application-activity; sid:300000174; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselystrongthefile.vip"; classtype:web-application-activity; sid:300000175; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyswiftthefile.vip"; classtype:web-application-activity; sid:300000176; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadnewestgreatlythefile.vip"; classtype:web-application-activity; sid:300000177; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadoriginalgreatlythefile.vip"; classtype:web-application-activity; sid:300000178; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadpreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000179; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadprogressivegreatlythefile.vip"; classtype:web-application-activity; sid:300000180; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrenewedgreatlythefile.vip"; classtype:web-application-activity; sid:300000181; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadstrongintenselythefile.vip"; classtype:web-application-activity; sid:300000182; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadswiftintenselythefile.vip"; classtype:web-application-activity; sid:300000183; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"louisvillegigs.net"; classtype:web-application-activity; sid:300000184; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000185; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000186; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckyworldwideprizerandom.rest"; classtype:web-application-activity; sid:300000187; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketloans.net"; classtype:web-application-activity; sid:300000188; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matchyourgirl.online"; classtype:web-application-activity; sid:300000189; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mazestation.games"; classtype:web-application-activity; sid:300000190; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"media-cloud.ru"; classtype:web-application-activity; sid:300000191; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaadvanced.ru"; classtype:web-application-activity; sid:300000192; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeryslotspin.xyz"; classtype:web-application-activity; sid:300000193; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1mountain.xyz"; classtype:web-application-activity; sid:300000194; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi1planet.xyz"; classtype:web-application-activity; sid:300000195; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sea.xyz"; classtype:web-application-activity; sid:300000196; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7sky.xyz"; classtype:web-application-activity; sid:300000197; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobi7volcano.xyz"; classtype:web-application-activity; sid:300000198; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiacrater.xyz"; classtype:web-application-activity; sid:300000199; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaocean.xyz"; classtype:web-application-activity; sid:300000200; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiaplanet.xyz"; classtype:web-application-activity; sid:300000201; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiastar.xyz"; classtype:web-application-activity; sid:300000202; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobiavolcano.xyz"; classtype:web-application-activity; sid:300000203; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobyfox.shop"; classtype:web-application-activity; sid:300000204; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"money-hero.org"; classtype:web-application-activity; sid:300000205; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000206; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newbuy.xyz"; classtype:web-application-activity; sid:300000207; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000208; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000209; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olivedinflats.space"; classtype:web-application-activity; sid:300000210; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumna.xyz"; classtype:web-application-activity; sid:300000211; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnb.xyz"; classtype:web-application-activity; sid:300000212; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnc.xyz"; classtype:web-application-activity; sid:300000213; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnd.xyz"; classtype:web-application-activity; sid:300000214; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnf.xyz"; classtype:web-application-activity; sid:300000215; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringa.xyz"; classtype:web-application-activity; sid:300000216; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringb.xyz"; classtype:web-application-activity; sid:300000217; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringc.xyz"; classtype:web-application-activity; sid:300000218; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringd.xyz"; classtype:web-application-activity; sid:300000219; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000220; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringf.xyz"; classtype:web-application-activity; sid:300000221; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummera.xyz"; classtype:web-application-activity; sid:300000222; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerc.xyz"; classtype:web-application-activity; sid:300000223; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerd.xyz"; classtype:web-application-activity; sid:300000224; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummere.xyz"; classtype:web-application-activity; sid:300000225; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerf.xyz"; classtype:web-application-activity; sid:300000226; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintera.xyz"; classtype:web-application-activity; sid:300000227; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterb.xyz"; classtype:web-application-activity; sid:300000228; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000229; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000230; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000231; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterf.xyz"; classtype:web-application-activity; sid:300000232; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcsecurity-live.xyz"; classtype:web-application-activity; sid:300000233; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyspeedythefile.vip"; classtype:web-application-activity; sid:300000234; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyswiftthefile.vip"; classtype:web-application-activity; sid:300000235; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peterhahn.be"; classtype:web-application-activity; sid:300000236; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000237; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000238; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000239; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000240; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000241; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000242; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000243; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000244; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000245; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000246; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000247; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspind.xyz"; classtype:web-application-activity; sid:300000248; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000249; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringb.xyz"; classtype:web-application-activity; sid:300000250; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringc.xyz"; classtype:web-application-activity; sid:300000251; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringd.xyz"; classtype:web-application-activity; sid:300000252; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringe.xyz"; classtype:web-application-activity; sid:300000253; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummera.xyz"; classtype:web-application-activity; sid:300000254; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerb.xyz"; classtype:web-application-activity; sid:300000255; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerc.xyz"; classtype:web-application-activity; sid:300000256; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummere.xyz"; classtype:web-application-activity; sid:300000257; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerf.xyz"; classtype:web-application-activity; sid:300000258; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintera.xyz"; classtype:web-application-activity; sid:300000259; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterb.xyz"; classtype:web-application-activity; sid:300000260; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterc.xyz"; classtype:web-application-activity; sid:300000261; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterd.xyz"; classtype:web-application-activity; sid:300000262; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintere.xyz"; classtype:web-application-activity; sid:300000263; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterf.xyz"; classtype:web-application-activity; sid:300000264; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ppploanchoices.site"; classtype:web-application-activity; sid:300000265; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"press-news-for.me"; classtype:web-application-activity; sid:300000266; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000267; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"producthunter.club"; classtype:web-application-activity; sid:300000268; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"profitsurvey365.online"; classtype:web-application-activity; sid:300000269; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promotionclaim.rest"; classtype:web-application-activity; sid:300000270; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"proprotect.me"; classtype:web-application-activity; sid:300000271; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-ios.com"; classtype:web-application-activity; sid:300000272; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"provpn.me"; classtype:web-application-activity; sid:300000273; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prtctapp.me"; classtype:web-application-activity; sid:300000274; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qfind.net"; classtype:web-application-activity; sid:300000275; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quizshein.shop"; classtype:web-application-activity; sid:300000276; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rancy.xyz"; classtype:web-application-activity; sid:300000277; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"real-buy.net"; classtype:web-application-activity; sid:300000278; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardgivingrealspecialoffer.cyou"; classtype:web-application-activity; sid:300000279; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"richsurvey.live"; classtype:web-application-activity; sid:300000280; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000281; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000282; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safeguide.net"; classtype:web-application-activity; sid:300000283; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000284; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seaplaytoo.top"; classtype:web-application-activity; sid:300000285; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-exp.online"; classtype:web-application-activity; sid:300000286; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000287; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000288; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000289; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000290; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchoffers.info"; classtype:web-application-activity; sid:300000291; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selectedlab.buzz"; classtype:web-application-activity; sid:300000292; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000293; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000294; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000295; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000296; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-ocean.xyz"; classtype:web-application-activity; sid:300000297; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic-plains.xyz"; classtype:web-application-activity; sid:300000298; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1asteroid.xyz"; classtype:web-application-activity; sid:300000299; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1coast.xyz"; classtype:web-application-activity; sid:300000300; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic1ocean.xyz"; classtype:web-application-activity; sid:300000301; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonic7sea.xyz"; classtype:web-application-activity; sid:300000302; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sonicacrater.xyz"; classtype:web-application-activity; sid:300000303; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000304; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000305; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000306; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000307; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000308; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000309; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stogether.fun"; classtype:web-application-activity; sid:300000310; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000311; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000312; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselysophisticatedthefile.vip"; classtype:web-application-activity; sid:300000313; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streampreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000314; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestuberfile.best"; classtype:web-application-activity; sid:300000315; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamspeedyintenselythefile.vip"; classtype:web-application-activity; sid:300000316; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000317; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"summermedia.club"; classtype:web-application-activity; sid:300000318; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sweetalt.ru"; classtype:web-application-activity; sid:300000319; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sweetgirls.buzz"; classtype:web-application-activity; sid:300000320; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccurrentmostthefile.vip"; classtype:web-application-activity; sid:300000321; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatestintenselythefile.vip"; classtype:web-application-activity; sid:300000322; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmostprecisethefile.vip"; classtype:web-application-activity; sid:300000323; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestmostthefile.vip"; classtype:web-application-activity; sid:300000324; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestuberthefile.vip"; classtype:web-application-activity; sid:300000325; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrecentintenselythefile.vip"; classtype:web-application-activity; sid:300000326; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncubercurrentfiles.best"; classtype:web-application-activity; sid:300000327; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syssysupdate.top"; classtype:web-application-activity; sid:300000328; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000329; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thanksyoursupport.club"; classtype:web-application-activity; sid:300000330; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-crater.xyz"; classtype:web-application-activity; sid:300000331; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-sky.xyz"; classtype:web-application-activity; sid:300000332; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the-star.xyz"; classtype:web-application-activity; sid:300000333; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1planet.xyz"; classtype:web-application-activity; sid:300000334; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1star.xyz"; classtype:web-application-activity; sid:300000335; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the1volcano.xyz"; classtype:web-application-activity; sid:300000336; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7coast.xyz"; classtype:web-application-activity; sid:300000337; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7crater.xyz"; classtype:web-application-activity; sid:300000338; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7plains.xyz"; classtype:web-application-activity; sid:300000339; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"the7volcano.xyz"; classtype:web-application-activity; sid:300000340; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theaasteroid.xyz"; classtype:web-application-activity; sid:300000341; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theacrater.xyz"; classtype:web-application-activity; sid:300000342; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theastar.xyz"; classtype:web-application-activity; sid:300000343; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theavolcano.xyz"; classtype:web-application-activity; sid:300000344; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thedealexpert.net"; classtype:web-application-activity; sid:300000345; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theirproviderock.top"; classtype:web-application-activity; sid:300000346; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000347; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timefornews.online"; classtype:web-application-activity; sid:300000348; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top-offers2.club"; classtype:web-application-activity; sid:300000349; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topdating.online"; classtype:web-application-activity; sid:300000350; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tracking-landers.xyz"; classtype:web-application-activity; sid:300000351; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trotineo.fr"; classtype:web-application-activity; sid:300000352; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"truecompassion.net"; classtype:web-application-activity; sid:300000353; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatefix.xyz"; classtype:web-application-activity; sid:300000354; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updateview.tech"; classtype:web-application-activity; sid:300000355; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplaysite.xyz"; classtype:web-application-activity; sid:300000356; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usepro.me"; classtype:web-application-activity; sid:300000357; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"useprovpn.me"; classtype:web-application-activity; sid:300000358; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usevpnpro.me"; classtype:web-application-activity; sid:300000359; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usforeclosure.net"; classtype:web-application-activity; sid:300000360; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videoau.ru"; classtype:web-application-activity; sid:300000361; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videoauthor.ru"; classtype:web-application-activity; sid:300000362; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videochanelace.ru"; classtype:web-application-activity; sid:300000363; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videochanelact.ru"; classtype:web-application-activity; sid:300000364; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videochanelair.ru"; classtype:web-application-activity; sid:300000365; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videolookable.ru"; classtype:web-application-activity; sid:300000366; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videolookace.ru"; classtype:web-application-activity; sid:300000367; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videolookact.ru"; classtype:web-application-activity; sid:300000368; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videolookalt.ru"; classtype:web-application-activity; sid:300000369; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videomixable.ru"; classtype:web-application-activity; sid:300000370; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videomixace.ru"; classtype:web-application-activity; sid:300000371; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videomixact.ru"; classtype:web-application-activity; sid:300000372; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videovoiceable.ru"; classtype:web-application-activity; sid:300000373; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"videovoiceace.ru"; classtype:web-application-activity; sid:300000374; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viralsharks.net"; classtype:web-application-activity; sid:300000375; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn-pro.club"; classtype:web-application-activity; sid:300000376; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnsecurity.me"; classtype:web-application-activity; sid:300000377; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wallda.site"; classtype:web-application-activity; sid:300000378; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchextremely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000379; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000380; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchquick-bestheavilyfile.best"; classtype:web-application-activity; sid:300000381; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchrefined-bestextremelyfile.best"; classtype:web-application-activity; sid:300000382; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-security.ml"; classtype:web-application-activity; sid:300000383; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000384; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1asteroid.xyz"; classtype:web-application-activity; sid:300000385; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1ocean.xyz"; classtype:web-application-activity; sid:300000386; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1plains.xyz"; classtype:web-application-activity; sid:300000387; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1sky.xyz"; classtype:web-application-activity; sid:300000388; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"west1star.xyz"; classtype:web-application-activity; sid:300000389; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaasteroid.xyz"; classtype:web-application-activity; sid:300000390; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westamountain.xyz"; classtype:web-application-activity; sid:300000391; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaocean.xyz"; classtype:web-application-activity; sid:300000392; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westaplanet.xyz"; classtype:web-application-activity; sid:300000393; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westasea.xyz"; classtype:web-application-activity; sid:300000394; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"westastar.xyz"; classtype:web-application-activity; sid:300000395; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.icu"; classtype:web-application-activity; sid:300000396; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000397; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000398; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000399; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourluckytoday.club"; classtype:web-application-activity; sid:300000400; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000401; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000402; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zalando-prive.es"; classtype:web-application-activity; sid:300000403; rev:1;) +alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"zeusmedia.info"; classtype:web-application-activity; sid:300000404; rev:1;) diff --git a/dist/pup-filter-unbound.conf b/dist/pup-filter-unbound.conf index 82c6e42..b76de0b 100644 --- a/dist/pup-filter-unbound.conf +++ b/dist/pup-filter-unbound.conf @@ -1,12 +1,13 @@ # Title: PUP Domains Unbound Blocklist # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license # Source: https://github.com/zhouhanc/malware-discoverer local-zone: "2021travel.net" always_nxdomain local-zone: "4upgradingstablesafe.work" always_nxdomain +local-zone: "abcscience.xyz" always_nxdomain local-zone: "adslauchgo.xyz" always_nxdomain local-zone: "affiliateland.io" always_nxdomain local-zone: "aikoo.club" always_nxdomain @@ -58,7 +59,6 @@ local-zone: "consumerprotectioncybersecurity.org" always_nxdomain local-zone: "contentamigo.ru" always_nxdomain local-zone: "contentarea.ru" always_nxdomain local-zone: "country-news.live" always_nxdomain -local-zone: "craftstash.us" always_nxdomain local-zone: "crazyprize.buzz" always_nxdomain local-zone: "credit-monitoring-360.xyz" always_nxdomain local-zone: "crowdweightyellow.top" always_nxdomain @@ -94,6 +94,7 @@ local-zone: "fastspotb.xyz" always_nxdomain local-zone: "fastwebb.xyz" always_nxdomain local-zone: "findaupgradingurls.work" always_nxdomain local-zone: "finditquick.online" always_nxdomain +local-zone: "finreporter.net" always_nxdomain local-zone: "fireapps.cloud" always_nxdomain local-zone: "flash-rewards.info" always_nxdomain local-zone: "funanime.me" always_nxdomain @@ -115,7 +116,6 @@ local-zone: "hpages.net" always_nxdomain local-zone: "huge2upgradescentral.work" always_nxdomain local-zone: "humansystemsecurity.top" always_nxdomain local-zone: "imagefind.org" always_nxdomain -local-zone: "incing-marganic.icu" always_nxdomain local-zone: "initiatecompletelyprecisethefile.vip" always_nxdomain local-zone: "initiatecompletelyprogressivethefile.vip" always_nxdomain local-zone: "initiatecompletelyspeedythefile.vip" always_nxdomain @@ -143,10 +143,8 @@ local-zone: "juicydataadvance.ru" always_nxdomain local-zone: "juicydataage.ru" always_nxdomain local-zone: "juicydataair.ru" always_nxdomain local-zone: "juicydataalt.ru" always_nxdomain -local-zone: "junemedia.bar" always_nxdomain local-zone: "junemedia.club" always_nxdomain local-zone: "junesmile.xyz" always_nxdomain -local-zone: "keepinfit.net" always_nxdomain local-zone: "koalaautumna.xyz" always_nxdomain local-zone: "koalaautumnb.xyz" always_nxdomain local-zone: "koalaautumnc.xyz" always_nxdomain @@ -169,30 +167,24 @@ local-zone: "koalawinterb.xyz" always_nxdomain local-zone: "koalawinterc.xyz" always_nxdomain local-zone: "koalawinterd.xyz" always_nxdomain local-zone: "koalawintere.xyz" always_nxdomain +local-zone: "kompsos.uk" always_nxdomain local-zone: "lackystack.net" always_nxdomain local-zone: "link4updatingcentral.work" always_nxdomain local-zone: "listenthisso.top" always_nxdomain local-zone: "lltrsknoob.click" always_nxdomain -local-zone: "loadadvancedextremelythefile.vip" always_nxdomain -local-zone: "loadextremelycurrentthefile.vip" always_nxdomain -local-zone: "loadextremelyrecentthefile.vip" always_nxdomain local-zone: "loadfree-bestheavilyfile.best" always_nxdomain local-zone: "loadgreatlynewestthefile.vip" always_nxdomain local-zone: "loadgreatlyoriginalthefile.vip" always_nxdomain local-zone: "loadgreatlyprogressivethefile.vip" always_nxdomain local-zone: "loadgreatlyrenewedthefile.vip" always_nxdomain -local-zone: "loadhighlyadvancedthefile.vip" always_nxdomain local-zone: "loadintenselyquickthefile.vip" always_nxdomain local-zone: "loadintenselyspeedythefile.vip" always_nxdomain local-zone: "loadintenselystrongthefile.vip" always_nxdomain local-zone: "loadintenselyswiftthefile.vip" always_nxdomain -local-zone: "loadnewestextremelythefile.vip" always_nxdomain local-zone: "loadnewestgreatlythefile.vip" always_nxdomain -local-zone: "loadoriginalextremelythefile.vip" always_nxdomain local-zone: "loadoriginalgreatlythefile.vip" always_nxdomain local-zone: "loadpreciseintenselythefile.vip" always_nxdomain local-zone: "loadprogressivegreatlythefile.vip" always_nxdomain -local-zone: "loadrecentextremelythefile.vip" always_nxdomain local-zone: "loadrenewedgreatlythefile.vip" always_nxdomain local-zone: "loadstrongintenselythefile.vip" always_nxdomain local-zone: "loadswiftintenselythefile.vip" always_nxdomain @@ -292,6 +284,7 @@ local-zone: "quizshein.shop" always_nxdomain local-zone: "rancy.xyz" always_nxdomain local-zone: "real-buy.net" always_nxdomain local-zone: "rewardgivingrealspecialoffer.cyou" always_nxdomain +local-zone: "richsurvey.live" always_nxdomain local-zone: "runadvanced-bestgreatlyfile.best" always_nxdomain local-zone: "rungreatly-bestadvancedfile.best" always_nxdomain local-zone: "safeguide.net" always_nxdomain @@ -308,7 +301,6 @@ local-zone: "sergey-tracks.xyz" always_nxdomain local-zone: "shopin.nyc" always_nxdomain local-zone: "shopnsave.world" always_nxdomain local-zone: "smartideas.pro" always_nxdomain -local-zone: "software-dealz.de" always_nxdomain local-zone: "sonic-ocean.xyz" always_nxdomain local-zone: "sonic-plains.xyz" always_nxdomain local-zone: "sonic1asteroid.xyz" always_nxdomain @@ -361,13 +353,13 @@ local-zone: "thedealexpert.net" always_nxdomain local-zone: "theirproviderock.top" always_nxdomain local-zone: "thelastpicture.show" always_nxdomain local-zone: "timefornews.online" always_nxdomain -local-zone: "timeoffers.net" always_nxdomain local-zone: "top-offers2.club" always_nxdomain local-zone: "topdating.online" always_nxdomain local-zone: "tracking-landers.xyz" always_nxdomain local-zone: "trotineo.fr" always_nxdomain local-zone: "truecompassion.net" always_nxdomain local-zone: "updatefix.xyz" always_nxdomain +local-zone: "updateview.tech" always_nxdomain local-zone: "upplaysite.xyz" always_nxdomain local-zone: "usepro.me" always_nxdomain local-zone: "useprovpn.me" always_nxdomain @@ -390,6 +382,7 @@ local-zone: "videovoiceace.ru" always_nxdomain local-zone: "viralsharks.net" always_nxdomain local-zone: "vpn-pro.club" always_nxdomain local-zone: "vpnsecurity.me" always_nxdomain +local-zone: "wallda.site" always_nxdomain local-zone: "watchextremely-bestsophisticatedfile.best" always_nxdomain local-zone: "watchprogressive-bestmostfile.best" always_nxdomain local-zone: "watchquick-bestheavilyfile.best" always_nxdomain @@ -409,10 +402,10 @@ local-zone: "westasea.xyz" always_nxdomain local-zone: "westastar.xyz" always_nxdomain local-zone: "winnerz.icu" always_nxdomain local-zone: "worldwideofficialpromotion.cyou" always_nxdomain -local-zone: "your-magazine.me" always_nxdomain local-zone: "yourlegendarysystemsupgrade.work" always_nxdomain local-zone: "yourlinkplaceupdatingfree.work" always_nxdomain local-zone: "yourluckytoday.club" always_nxdomain local-zone: "yourmoneymachine.cc" always_nxdomain local-zone: "yoursafestgreatplaceupdates.work" always_nxdomain +local-zone: "zalando-prive.es" always_nxdomain local-zone: "zeusmedia.info" always_nxdomain diff --git a/dist/pup-filter-vivaldi.txt b/dist/pup-filter-vivaldi.txt index d0168d3..a51a9ba 100644 --- a/dist/pup-filter-vivaldi.txt +++ b/dist/pup-filter-vivaldi.txt @@ -1,12 +1,13 @@ ! Title: PUP Domains Blocklist (Vivaldi) ! Description: Block domains that host potentially unwanted programs (PUP) -! Updated: Thu, 11 Nov 2021 12:03:21 +0000 +! Updated: Fri, 12 Nov 2021 00:02:54 +0000 ! Expires: 1 day (update frequency) ! Homepage: https://gitlab.com/curben/pup-filter ! License: https://gitlab.com/curben/pup-filter#license ! Source: https://github.com/zhouhanc/malware-discoverer ||2021travel.net$document ||4upgradingstablesafe.work$document +||abcscience.xyz$document ||adslauchgo.xyz$document ||affiliateland.io$document ||aikoo.club$document @@ -58,7 +59,6 @@ ||contentamigo.ru$document ||contentarea.ru$document ||country-news.live$document -||craftstash.us$document ||crazyprize.buzz$document ||credit-monitoring-360.xyz$document ||crowdweightyellow.top$document @@ -94,6 +94,7 @@ ||fastwebb.xyz$document ||findaupgradingurls.work$document ||finditquick.online$document +||finreporter.net$document ||fireapps.cloud$document ||flash-rewards.info$document ||funanime.me$document @@ -115,7 +116,6 @@ ||huge2upgradescentral.work$document ||humansystemsecurity.top$document ||imagefind.org$document -||incing-marganic.icu$document ||initiatecompletelyprecisethefile.vip$document ||initiatecompletelyprogressivethefile.vip$document ||initiatecompletelyspeedythefile.vip$document @@ -143,10 +143,8 @@ ||juicydataage.ru$document ||juicydataair.ru$document ||juicydataalt.ru$document -||junemedia.bar$document ||junemedia.club$document ||junesmile.xyz$document -||keepinfit.net$document ||koalaautumna.xyz$document ||koalaautumnb.xyz$document ||koalaautumnc.xyz$document @@ -169,30 +167,24 @@ ||koalawinterc.xyz$document ||koalawinterd.xyz$document ||koalawintere.xyz$document +||kompsos.uk$document ||lackystack.net$document ||link4updatingcentral.work$document ||listenthisso.top$document ||lltrsknoob.click$document -||loadadvancedextremelythefile.vip$document -||loadextremelycurrentthefile.vip$document -||loadextremelyrecentthefile.vip$document ||loadfree-bestheavilyfile.best$document ||loadgreatlynewestthefile.vip$document ||loadgreatlyoriginalthefile.vip$document ||loadgreatlyprogressivethefile.vip$document ||loadgreatlyrenewedthefile.vip$document -||loadhighlyadvancedthefile.vip$document ||loadintenselyquickthefile.vip$document ||loadintenselyspeedythefile.vip$document ||loadintenselystrongthefile.vip$document ||loadintenselyswiftthefile.vip$document -||loadnewestextremelythefile.vip$document ||loadnewestgreatlythefile.vip$document -||loadoriginalextremelythefile.vip$document ||loadoriginalgreatlythefile.vip$document ||loadpreciseintenselythefile.vip$document ||loadprogressivegreatlythefile.vip$document -||loadrecentextremelythefile.vip$document ||loadrenewedgreatlythefile.vip$document ||loadstrongintenselythefile.vip$document ||loadswiftintenselythefile.vip$document @@ -292,6 +284,7 @@ ||rancy.xyz$document ||real-buy.net$document ||rewardgivingrealspecialoffer.cyou$document +||richsurvey.live$document ||runadvanced-bestgreatlyfile.best$document ||rungreatly-bestadvancedfile.best$document ||safeguide.net$document @@ -308,7 +301,6 @@ ||shopin.nyc$document ||shopnsave.world$document ||smartideas.pro$document -||software-dealz.de$document ||sonic-ocean.xyz$document ||sonic-plains.xyz$document ||sonic1asteroid.xyz$document @@ -361,13 +353,13 @@ ||theirproviderock.top$document ||thelastpicture.show$document ||timefornews.online$document -||timeoffers.net$document ||top-offers2.club$document ||topdating.online$document ||tracking-landers.xyz$document ||trotineo.fr$document ||truecompassion.net$document ||updatefix.xyz$document +||updateview.tech$document ||upplaysite.xyz$document ||usepro.me$document ||useprovpn.me$document @@ -390,6 +382,7 @@ ||viralsharks.net$document ||vpn-pro.club$document ||vpnsecurity.me$document +||wallda.site$document ||watchextremely-bestsophisticatedfile.best$document ||watchprogressive-bestmostfile.best$document ||watchquick-bestheavilyfile.best$document @@ -409,10 +402,10 @@ ||westastar.xyz$document ||winnerz.icu$document ||worldwideofficialpromotion.cyou$document -||your-magazine.me$document ||yourlegendarysystemsupgrade.work$document ||yourlinkplaceupdatingfree.work$document ||yourluckytoday.club$document ||yourmoneymachine.cc$document ||yoursafestgreatplaceupdates.work$document +||zalando-prive.es$document ||zeusmedia.info$document diff --git a/dist/pup-filter.tpl b/dist/pup-filter.tpl index fa0867d..ecc68f5 100644 --- a/dist/pup-filter.tpl +++ b/dist/pup-filter.tpl @@ -1,7 +1,7 @@ msFilterList # Title: PUP Hosts Blocklist (IE) # Description: Block domains that host potentially unwanted programs (PUP) -# Updated: Thu, 11 Nov 2021 12:03:21 +0000 +# Updated: Fri, 12 Nov 2021 00:02:54 +0000 # Expires: 1 day (update frequency) # Homepage: https://gitlab.com/curben/pup-filter # License: https://gitlab.com/curben/pup-filter#license @@ -10,6 +10,7 @@ msFilterList # -d 2021travel.net -d 4upgradingstablesafe.work +-d abcscience.xyz -d adslauchgo.xyz -d affiliateland.io -d aikoo.club @@ -61,7 +62,6 @@ msFilterList -d contentamigo.ru -d contentarea.ru -d country-news.live --d craftstash.us -d crazyprize.buzz -d credit-monitoring-360.xyz -d crowdweightyellow.top @@ -97,6 +97,7 @@ msFilterList -d fastwebb.xyz -d findaupgradingurls.work -d finditquick.online +-d finreporter.net -d fireapps.cloud -d flash-rewards.info -d funanime.me @@ -118,7 +119,6 @@ msFilterList -d huge2upgradescentral.work -d humansystemsecurity.top -d imagefind.org --d incing-marganic.icu -d initiatecompletelyprecisethefile.vip -d initiatecompletelyprogressivethefile.vip -d initiatecompletelyspeedythefile.vip @@ -146,10 +146,8 @@ msFilterList -d juicydataage.ru -d juicydataair.ru -d juicydataalt.ru --d junemedia.bar -d junemedia.club -d junesmile.xyz --d keepinfit.net -d koalaautumna.xyz -d koalaautumnb.xyz -d koalaautumnc.xyz @@ -172,30 +170,24 @@ msFilterList -d koalawinterc.xyz -d koalawinterd.xyz -d koalawintere.xyz +-d kompsos.uk -d lackystack.net -d link4updatingcentral.work -d listenthisso.top -d lltrsknoob.click --d loadadvancedextremelythefile.vip --d loadextremelycurrentthefile.vip --d loadextremelyrecentthefile.vip -d loadfree-bestheavilyfile.best -d loadgreatlynewestthefile.vip -d loadgreatlyoriginalthefile.vip -d loadgreatlyprogressivethefile.vip -d loadgreatlyrenewedthefile.vip --d loadhighlyadvancedthefile.vip -d loadintenselyquickthefile.vip -d loadintenselyspeedythefile.vip -d loadintenselystrongthefile.vip -d loadintenselyswiftthefile.vip --d loadnewestextremelythefile.vip -d loadnewestgreatlythefile.vip --d loadoriginalextremelythefile.vip -d loadoriginalgreatlythefile.vip -d loadpreciseintenselythefile.vip -d loadprogressivegreatlythefile.vip --d loadrecentextremelythefile.vip -d loadrenewedgreatlythefile.vip -d loadstrongintenselythefile.vip -d loadswiftintenselythefile.vip @@ -295,6 +287,7 @@ msFilterList -d rancy.xyz -d real-buy.net -d rewardgivingrealspecialoffer.cyou +-d richsurvey.live -d runadvanced-bestgreatlyfile.best -d rungreatly-bestadvancedfile.best -d safeguide.net @@ -311,7 +304,6 @@ msFilterList -d shopin.nyc -d shopnsave.world -d smartideas.pro --d software-dealz.de -d sonic-ocean.xyz -d sonic-plains.xyz -d sonic1asteroid.xyz @@ -364,13 +356,13 @@ msFilterList -d theirproviderock.top -d thelastpicture.show -d timefornews.online --d timeoffers.net -d top-offers2.club -d topdating.online -d tracking-landers.xyz -d trotineo.fr -d truecompassion.net -d updatefix.xyz +-d updateview.tech -d upplaysite.xyz -d usepro.me -d useprovpn.me @@ -393,6 +385,7 @@ msFilterList -d viralsharks.net -d vpn-pro.club -d vpnsecurity.me +-d wallda.site -d watchextremely-bestsophisticatedfile.best -d watchprogressive-bestmostfile.best -d watchquick-bestheavilyfile.best @@ -412,10 +405,10 @@ msFilterList -d westastar.xyz -d winnerz.icu -d worldwideofficialpromotion.cyou --d your-magazine.me -d yourlegendarysystemsupgrade.work -d yourlinkplaceupdatingfree.work -d yourluckytoday.club -d yourmoneymachine.cc -d yoursafestgreatplaceupdates.work +-d zalando-prive.es -d zeusmedia.info diff --git a/dist/pup-filter.txt b/dist/pup-filter.txt index b7bb925..300026f 100644 --- a/dist/pup-filter.txt +++ b/dist/pup-filter.txt @@ -1,12 +1,13 @@ ! Title: PUP Domains Blocklist ! Description: Block domains that host potentially unwanted programs (PUP) -! Updated: Thu, 11 Nov 2021 12:03:21 +0000 +! Updated: Fri, 12 Nov 2021 00:02:54 +0000 ! Expires: 1 day (update frequency) ! Homepage: https://gitlab.com/curben/pup-filter ! License: https://gitlab.com/curben/pup-filter#license ! Source: https://github.com/zhouhanc/malware-discoverer 2021travel.net 4upgradingstablesafe.work +abcscience.xyz adslauchgo.xyz affiliateland.io aikoo.club @@ -58,7 +59,6 @@ consumerprotectioncybersecurity.org contentamigo.ru contentarea.ru country-news.live -craftstash.us crazyprize.buzz credit-monitoring-360.xyz crowdweightyellow.top @@ -94,6 +94,7 @@ fastspotb.xyz fastwebb.xyz findaupgradingurls.work finditquick.online +finreporter.net fireapps.cloud flash-rewards.info funanime.me @@ -115,7 +116,6 @@ hpages.net huge2upgradescentral.work humansystemsecurity.top imagefind.org -incing-marganic.icu initiatecompletelyprecisethefile.vip initiatecompletelyprogressivethefile.vip initiatecompletelyspeedythefile.vip @@ -143,10 +143,8 @@ juicydataadvance.ru juicydataage.ru juicydataair.ru juicydataalt.ru -junemedia.bar junemedia.club junesmile.xyz -keepinfit.net koalaautumna.xyz koalaautumnb.xyz koalaautumnc.xyz @@ -169,30 +167,24 @@ koalawinterb.xyz koalawinterc.xyz koalawinterd.xyz koalawintere.xyz +kompsos.uk lackystack.net link4updatingcentral.work listenthisso.top lltrsknoob.click -loadadvancedextremelythefile.vip -loadextremelycurrentthefile.vip -loadextremelyrecentthefile.vip loadfree-bestheavilyfile.best loadgreatlynewestthefile.vip loadgreatlyoriginalthefile.vip loadgreatlyprogressivethefile.vip loadgreatlyrenewedthefile.vip -loadhighlyadvancedthefile.vip loadintenselyquickthefile.vip loadintenselyspeedythefile.vip loadintenselystrongthefile.vip loadintenselyswiftthefile.vip -loadnewestextremelythefile.vip loadnewestgreatlythefile.vip -loadoriginalextremelythefile.vip loadoriginalgreatlythefile.vip loadpreciseintenselythefile.vip loadprogressivegreatlythefile.vip -loadrecentextremelythefile.vip loadrenewedgreatlythefile.vip loadstrongintenselythefile.vip loadswiftintenselythefile.vip @@ -292,6 +284,7 @@ quizshein.shop rancy.xyz real-buy.net rewardgivingrealspecialoffer.cyou +richsurvey.live runadvanced-bestgreatlyfile.best rungreatly-bestadvancedfile.best safeguide.net @@ -308,7 +301,6 @@ sergey-tracks.xyz shopin.nyc shopnsave.world smartideas.pro -software-dealz.de sonic-ocean.xyz sonic-plains.xyz sonic1asteroid.xyz @@ -361,13 +353,13 @@ thedealexpert.net theirproviderock.top thelastpicture.show timefornews.online -timeoffers.net top-offers2.club topdating.online tracking-landers.xyz trotineo.fr truecompassion.net updatefix.xyz +updateview.tech upplaysite.xyz usepro.me useprovpn.me @@ -390,6 +382,7 @@ videovoiceace.ru viralsharks.net vpn-pro.club vpnsecurity.me +wallda.site watchextremely-bestsophisticatedfile.best watchprogressive-bestmostfile.best watchquick-bestheavilyfile.best @@ -409,10 +402,10 @@ westasea.xyz westastar.xyz winnerz.icu worldwideofficialpromotion.cyou -your-magazine.me yourlegendarysystemsupgrade.work yourlinkplaceupdatingfree.work yourluckytoday.club yourmoneymachine.cc yoursafestgreatplaceupdates.work +zalando-prive.es zeusmedia.info