Filter updated: Wed, 13 Oct 2021 12:03:08 +0000

2021-10-13 12:03:08 +00:00 · 2021-10-13 12:03:08 +00:00 · 9b5b9b73ce
parent e621d53792
commit 9b5b9b73ce
15 changed files with 580 additions and 580 deletions
--- a/dist/pup-filter-ag.txt
+++ b/dist/pup-filter-ag.txt
@ -1,13 +1,13 @@
 ! Title: PUP Domains Blocklist (AdGuard)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Wed, 13 Oct 2021 00:02:41 +0000
+! Updated: Wed, 13 Oct 2021 12:03:08 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
 ! Source: https://github.com/zhouhanc/malware-discoverer
 ||2021travel.net$all
 ||4upgradingstablesafe.work$all
-||abcscience.xyz$all
+||affiliateland.io$all
 ||aikoo.club$all
 ||amobil.online$all
 ||appzfirer.biz$all
@ -79,7 +79,6 @@
 ||funspine.xyz$all
 ||genertellife.it$all
 ||get-your-score.club$all
-||getbril.io$all
 ||getmoregirls.net$all
 ||girlsnearyou.online$all
 ||gladmstreet.xyz$all
@ -246,6 +245,7 @@
 ||playautumnc.xyz$all
 ||playautumnd.xyz$all
 ||playautumne.xyz$all
+||playautumnf.xyz$all
 ||playplanete.xyz$all
 ||playspind.xyz$all
 ||playspringa.xyz$all
@ -293,7 +293,6 @@
 ||search4theupgradeset.info$all
 ||search4upgradingset.info$all
 ||searchmgr.online$all
-||seasoned.co$all
 ||securitevpn.me$all
 ||securityvpnpro.me$all
 ||sergey-tracks.xyz$all
@ -301,6 +300,7 @@
 ||shopadvisors.net$all
 ||shopin.nyc$all
 ||shopnsave.world$all
+||signupandturnyourscreenoffsafepowernow.date$all
 ||smartideas.pro$all
 ||spotmapd.xyz$all
 ||spotmapf.xyz$all
--- a/dist/pup-filter-agh.txt
+++ b/dist/pup-filter-agh.txt
@ -1,13 +1,13 @@
 ! Title: PUP Domains Blocklist (AdGuard Home)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Wed, 13 Oct 2021 00:02:41 +0000
+! Updated: Wed, 13 Oct 2021 12:03:08 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
 ! Source: https://github.com/zhouhanc/malware-discoverer
 ||2021travel.net^
 ||4upgradingstablesafe.work^
-||abcscience.xyz^
+||affiliateland.io^
 ||aikoo.club^
 ||amobil.online^
 ||appzfirer.biz^
@ -79,7 +79,6 @@
 ||funspine.xyz^
 ||genertellife.it^
 ||get-your-score.club^
-||getbril.io^
 ||getmoregirls.net^
 ||girlsnearyou.online^
 ||gladmstreet.xyz^
@ -246,6 +245,7 @@
 ||playautumnc.xyz^
 ||playautumnd.xyz^
 ||playautumne.xyz^
+||playautumnf.xyz^
 ||playplanete.xyz^
 ||playspind.xyz^
 ||playspringa.xyz^
@ -293,7 +293,6 @@
 ||search4theupgradeset.info^
 ||search4upgradingset.info^
 ||searchmgr.online^
-||seasoned.co^
 ||securitevpn.me^
 ||securityvpnpro.me^
 ||sergey-tracks.xyz^
@ -301,6 +300,7 @@
 ||shopadvisors.net^
 ||shopin.nyc^
 ||shopnsave.world^
+||signupandturnyourscreenoffsafepowernow.date^
 ||smartideas.pro^
 ||spotmapd.xyz^
 ||spotmapf.xyz^
--- a/dist/pup-filter-bind.conf
+++ b/dist/pup-filter-bind.conf
@ -1,13 +1,13 @@
 # Title: PUP Domains BIND Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 zone "2021travel.net" { type master; notify no; file "null.zone.file"; };
 zone "4upgradingstablesafe.work" { type master; notify no; file "null.zone.file"; };
-zone "abcscience.xyz" { type master; notify no; file "null.zone.file"; };
+zone "affiliateland.io" { type master; notify no; file "null.zone.file"; };
 zone "aikoo.club" { type master; notify no; file "null.zone.file"; };
 zone "amobil.online" { type master; notify no; file "null.zone.file"; };
 zone "appzfirer.biz" { type master; notify no; file "null.zone.file"; };
@ -79,7 +79,6 @@ zone "funny-media.ru" { type master; notify no; file "null.zone.file"; };
 zone "funspine.xyz" { type master; notify no; file "null.zone.file"; };
 zone "genertellife.it" { type master; notify no; file "null.zone.file"; };
 zone "get-your-score.club" { type master; notify no; file "null.zone.file"; };
-zone "getbril.io" { type master; notify no; file "null.zone.file"; };
 zone "getmoregirls.net" { type master; notify no; file "null.zone.file"; };
 zone "girlsnearyou.online" { type master; notify no; file "null.zone.file"; };
 zone "gladmstreet.xyz" { type master; notify no; file "null.zone.file"; };
@ -246,6 +245,7 @@ zone "playautumnb.xyz" { type master; notify no; file "null.zone.file"; };
 zone "playautumnc.xyz" { type master; notify no; file "null.zone.file"; };
 zone "playautumnd.xyz" { type master; notify no; file "null.zone.file"; };
 zone "playautumne.xyz" { type master; notify no; file "null.zone.file"; };
+zone "playautumnf.xyz" { type master; notify no; file "null.zone.file"; };
 zone "playplanete.xyz" { type master; notify no; file "null.zone.file"; };
 zone "playspind.xyz" { type master; notify no; file "null.zone.file"; };
 zone "playspringa.xyz" { type master; notify no; file "null.zone.file"; };
@ -293,7 +293,6 @@ zone "search4theupdatefree.work" { type master; notify no; file "null.zone.file"
 zone "search4theupgradeset.info" { type master; notify no; file "null.zone.file"; };
 zone "search4upgradingset.info" { type master; notify no; file "null.zone.file"; };
 zone "searchmgr.online" { type master; notify no; file "null.zone.file"; };
-zone "seasoned.co" { type master; notify no; file "null.zone.file"; };
 zone "securitevpn.me" { type master; notify no; file "null.zone.file"; };
 zone "securityvpnpro.me" { type master; notify no; file "null.zone.file"; };
 zone "sergey-tracks.xyz" { type master; notify no; file "null.zone.file"; };
@ -301,6 +300,7 @@ zone "settothereliableupgradingnew.work" { type master; notify no; file "null.zo
 zone "shopadvisors.net" { type master; notify no; file "null.zone.file"; };
 zone "shopin.nyc" { type master; notify no; file "null.zone.file"; };
 zone "shopnsave.world" { type master; notify no; file "null.zone.file"; };
+zone "signupandturnyourscreenoffsafepowernow.date" { type master; notify no; file "null.zone.file"; };
 zone "smartideas.pro" { type master; notify no; file "null.zone.file"; };
 zone "spotmapd.xyz" { type master; notify no; file "null.zone.file"; };
 zone "spotmapf.xyz" { type master; notify no; file "null.zone.file"; };
--- a/dist/pup-filter-dnscrypt-blocked-names.txt
+++ b/dist/pup-filter-dnscrypt-blocked-names.txt
@ -1,13 +1,13 @@
 # Title: PUP Names Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 2021travel.net
 4upgradingstablesafe.work
-abcscience.xyz
+affiliateland.io
 aikoo.club
 amobil.online
 appzfirer.biz
@ -79,7 +79,6 @@ funny-media.ru
 funspine.xyz
 genertellife.it
 get-your-score.club
-getbril.io
 getmoregirls.net
 girlsnearyou.online
 gladmstreet.xyz
@ -246,6 +245,7 @@ playautumnb.xyz
 playautumnc.xyz
 playautumnd.xyz
 playautumne.xyz
+playautumnf.xyz
 playplanete.xyz
 playspind.xyz
 playspringa.xyz
@ -293,7 +293,6 @@ search4theupdatefree.work
 search4theupgradeset.info
 search4upgradingset.info
 searchmgr.online
-seasoned.co
 securitevpn.me
 securityvpnpro.me
 sergey-tracks.xyz
@ -301,6 +300,7 @@ settothereliableupgradingnew.work
 shopadvisors.net
 shopin.nyc
 shopnsave.world
+signupandturnyourscreenoffsafepowernow.date
 smartideas.pro
 spotmapd.xyz
 spotmapf.xyz
--- a/dist/pup-filter-dnsmasq.conf
+++ b/dist/pup-filter-dnsmasq.conf
@ -1,13 +1,13 @@
 # Title: PUP Domains dnsmasq Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 address=/2021travel.net/0.0.0.0
 address=/4upgradingstablesafe.work/0.0.0.0
-address=/abcscience.xyz/0.0.0.0
+address=/affiliateland.io/0.0.0.0
 address=/aikoo.club/0.0.0.0
 address=/amobil.online/0.0.0.0
 address=/appzfirer.biz/0.0.0.0
@ -79,7 +79,6 @@ address=/funny-media.ru/0.0.0.0
 address=/funspine.xyz/0.0.0.0
 address=/genertellife.it/0.0.0.0
 address=/get-your-score.club/0.0.0.0
-address=/getbril.io/0.0.0.0
 address=/getmoregirls.net/0.0.0.0
 address=/girlsnearyou.online/0.0.0.0
 address=/gladmstreet.xyz/0.0.0.0
@ -246,6 +245,7 @@ address=/playautumnb.xyz/0.0.0.0
 address=/playautumnc.xyz/0.0.0.0
 address=/playautumnd.xyz/0.0.0.0
 address=/playautumne.xyz/0.0.0.0
+address=/playautumnf.xyz/0.0.0.0
 address=/playplanete.xyz/0.0.0.0
 address=/playspind.xyz/0.0.0.0
 address=/playspringa.xyz/0.0.0.0
@ -293,7 +293,6 @@ address=/search4theupdatefree.work/0.0.0.0
 address=/search4theupgradeset.info/0.0.0.0
 address=/search4upgradingset.info/0.0.0.0
 address=/searchmgr.online/0.0.0.0
-address=/seasoned.co/0.0.0.0
 address=/securitevpn.me/0.0.0.0
 address=/securityvpnpro.me/0.0.0.0
 address=/sergey-tracks.xyz/0.0.0.0
@ -301,6 +300,7 @@ address=/settothereliableupgradingnew.work/0.0.0.0
 address=/shopadvisors.net/0.0.0.0
 address=/shopin.nyc/0.0.0.0
 address=/shopnsave.world/0.0.0.0
+address=/signupandturnyourscreenoffsafepowernow.date/0.0.0.0
 address=/smartideas.pro/0.0.0.0
 address=/spotmapd.xyz/0.0.0.0
 address=/spotmapf.xyz/0.0.0.0
--- a/dist/pup-filter-domains.txt
+++ b/dist/pup-filter-domains.txt
@ -1,13 +1,13 @@
 # Title: PUP Domains Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 2021travel.net
 4upgradingstablesafe.work
-abcscience.xyz
+affiliateland.io
 aikoo.club
 amobil.online
 appzfirer.biz
@ -79,7 +79,6 @@ funny-media.ru
 funspine.xyz
 genertellife.it
 get-your-score.club
-getbril.io
 getmoregirls.net
 girlsnearyou.online
 gladmstreet.xyz
@ -246,6 +245,7 @@ playautumnb.xyz
 playautumnc.xyz
 playautumnd.xyz
 playautumne.xyz
+playautumnf.xyz
 playplanete.xyz
 playspind.xyz
 playspringa.xyz
@ -293,7 +293,6 @@ search4theupdatefree.work
 search4theupgradeset.info
 search4upgradingset.info
 searchmgr.online
-seasoned.co
 securitevpn.me
 securityvpnpro.me
 sergey-tracks.xyz
@ -301,6 +300,7 @@ settothereliableupgradingnew.work
 shopadvisors.net
 shopin.nyc
 shopnsave.world
+signupandturnyourscreenoffsafepowernow.date
 smartideas.pro
 spotmapd.xyz
 spotmapf.xyz
--- a/dist/pup-filter-hosts.txt
+++ b/dist/pup-filter-hosts.txt
@ -1,13 +1,13 @@
 # Title: PUP Hosts Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 0.0.0.0 2021travel.net
 0.0.0.0 4upgradingstablesafe.work
-0.0.0.0 abcscience.xyz
+0.0.0.0 affiliateland.io
 0.0.0.0 aikoo.club
 0.0.0.0 amobil.online
 0.0.0.0 appzfirer.biz
@ -79,7 +79,6 @@
 0.0.0.0 funspine.xyz
 0.0.0.0 genertellife.it
 0.0.0.0 get-your-score.club
-0.0.0.0 getbril.io
 0.0.0.0 getmoregirls.net
 0.0.0.0 girlsnearyou.online
 0.0.0.0 gladmstreet.xyz
@ -246,6 +245,7 @@
 0.0.0.0 playautumnc.xyz
 0.0.0.0 playautumnd.xyz
 0.0.0.0 playautumne.xyz
+0.0.0.0 playautumnf.xyz
 0.0.0.0 playplanete.xyz
 0.0.0.0 playspind.xyz
 0.0.0.0 playspringa.xyz
@ -293,7 +293,6 @@
 0.0.0.0 search4theupgradeset.info
 0.0.0.0 search4upgradingset.info
 0.0.0.0 searchmgr.online
-0.0.0.0 seasoned.co
 0.0.0.0 securitevpn.me
 0.0.0.0 securityvpnpro.me
 0.0.0.0 sergey-tracks.xyz
@ -301,6 +300,7 @@
 0.0.0.0 shopadvisors.net
 0.0.0.0 shopin.nyc
 0.0.0.0 shopnsave.world
+0.0.0.0 signupandturnyourscreenoffsafepowernow.date
 0.0.0.0 smartideas.pro
 0.0.0.0 spotmapd.xyz
 0.0.0.0 spotmapf.xyz
--- a/dist/pup-filter-rpz.conf
+++ b/dist/pup-filter-rpz.conf
@ -1,18 +1,18 @@
 ; Title: PUP Domains RPZ Blocklist
 ; Description: Block domains that host potentially unwanted programs (PUP)
-; Updated: Wed, 13 Oct 2021 00:02:41 +0000
+; Updated: Wed, 13 Oct 2021 12:03:08 +0000
 ; Expires: 1 day (update frequency)
 ; Homepage: https://gitlab.com/curben/pup-filter
 ; License: https://gitlab.com/curben/pup-filter#license
 ; Source: https://github.com/zhouhanc/malware-discoverer

 $TTL 30
-@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1634083361 86400 3600 604800 30
+@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1634126588 86400 3600 604800 30
 NS localhost.

 2021travel.net CNAME .
 4upgradingstablesafe.work CNAME .
-abcscience.xyz CNAME .
+affiliateland.io CNAME .
 aikoo.club CNAME .
 amobil.online CNAME .
 appzfirer.biz CNAME .
@ -84,7 +84,6 @@ funny-media.ru CNAME .
 funspine.xyz CNAME .
 genertellife.it CNAME .
 get-your-score.club CNAME .
-getbril.io CNAME .
 getmoregirls.net CNAME .
 girlsnearyou.online CNAME .
 gladmstreet.xyz CNAME .
@ -251,6 +250,7 @@ playautumnb.xyz CNAME .
 playautumnc.xyz CNAME .
 playautumnd.xyz CNAME .
 playautumne.xyz CNAME .
+playautumnf.xyz CNAME .
 playplanete.xyz CNAME .
 playspind.xyz CNAME .
 playspringa.xyz CNAME .
@ -298,7 +298,6 @@ search4theupdatefree.work CNAME .
 search4theupgradeset.info CNAME .
 search4upgradingset.info CNAME .
 searchmgr.online CNAME .
-seasoned.co CNAME .
 securitevpn.me CNAME .
 securityvpnpro.me CNAME .
 sergey-tracks.xyz CNAME .
@ -306,6 +305,7 @@ settothereliableupgradingnew.work CNAME .
 shopadvisors.net CNAME .
 shopin.nyc CNAME .
 shopnsave.world CNAME .
+signupandturnyourscreenoffsafepowernow.date CNAME .
 smartideas.pro CNAME .
 spotmapd.xyz CNAME .
 spotmapf.xyz CNAME .
--- a/dist/pup-filter-snort2.rules
+++ b/dist/pup-filter-snort2.rules
@ -1,13 +1,13 @@
 # Title: PUP Domains Snort2 Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"2021travel.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000001; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"4upgradingstablesafe.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"abcscience.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"affiliateland.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"amobil.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
@ -79,173 +79,173 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000072; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"get-your-score.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getbril.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getmoregirls.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladplacespin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hailso.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"httqzq.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypezen.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ientsillness.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incing-marganic.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incrediblebuzz.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateprogressivecompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatesophisticatedcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"intelectaction.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"investinfo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"isystemupdate.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jetsummer.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jojomamanbebe.ie"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"joyspotmap.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jtkszl.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataadvance.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataage.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataair.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.bar"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000115; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junesmile.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000116; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepinfit.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000117; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000118; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000119; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000120; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000121; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000122; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000123; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000124; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000125; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000126; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000127; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000128; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000129; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000130; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000131; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000132; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000133; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000134; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000135; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000136; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000137; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000138; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"kompsos.uk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000139; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ktpyzw.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000140; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lackystack.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000141; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ligamedia.art"; content:"Host"; http_header; classtype:web-application-activity; sid:300000142; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ligamedia.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000143; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ligamedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000144; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"link4updatingcentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000145; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"listenthisso.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000146; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lltrsknoob.click"; content:"Host"; http_header; classtype:web-application-activity; sid:300000147; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadadvancedextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000148; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaddevelopeduberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000149; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadextremelycurrentthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000150; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadextremelyquickfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000151; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadextremelyrecentthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000152; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadfree-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000153; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadfreeextremelyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000154; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlynewestthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000155; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyoriginalthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000156; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000157; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyrenewedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000158; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadhighlyadvancedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000159; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyquickthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000160; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000161; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselystrongthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000162; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000163; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadnewestextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000164; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadnewestgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000165; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadoriginalextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000166; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadoriginalgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000167; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadpreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000168; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadpreciseuberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000169; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadprogressivegreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000170; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadquickextremelyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000171; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrecentextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000172; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrecentoverlyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000173; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrefineduberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000174; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrenewedgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000175; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadsophisticateduberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000176; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadstreamlaunch.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000177; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadstrongextremelyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000178; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadstrongintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000179; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadswiftintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000180; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaduberprecisefile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaduberspeedyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"louisvillegigs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loveorfun.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketloans.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"matchyourgirl.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mathison.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"media-cloud.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaadvanced.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeryslotspin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobileluckywinner.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"money-hero.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"movievod.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mynutriplan.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"n95o0fxvvw.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newbuy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsinformer.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"official-bigwin-national-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialbigwinnationalfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"oldharper.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"olivedinflats.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-prize-super-promotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprizesuperpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlinewinnerluckyrewards.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ouldthepat.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pcsecurity-live.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placesiteb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getmoregirls.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladplacespin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hailso.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"httqzq.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypezen.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ientsillness.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incing-marganic.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incrediblebuzz.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatecompletelyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiateprogressivecompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"initiatesophisticatedcompletelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"intelectaction.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"investinfo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"isystemupdate.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jetsummer.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jojomamanbebe.ie"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"joyspotmap.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jtkszl.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataadvance.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataage.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataair.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"juicydataalt.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.bar"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junemedia.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"junesmile.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000115; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"keepinfit.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000116; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000117; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000118; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000119; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000120; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000121; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000122; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000123; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000124; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000125; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000126; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000127; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000128; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000129; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000130; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000131; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000132; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000133; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000134; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000135; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000136; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"koalawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000137; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"kompsos.uk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000138; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ktpyzw.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000139; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lackystack.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000140; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ligamedia.art"; content:"Host"; http_header; classtype:web-application-activity; sid:300000141; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ligamedia.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000142; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ligamedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000143; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"link4updatingcentral.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000144; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"listenthisso.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000145; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lltrsknoob.click"; content:"Host"; http_header; classtype:web-application-activity; sid:300000146; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadadvancedextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000147; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaddevelopeduberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000148; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadextremelycurrentthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000149; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadextremelyquickfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000150; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadextremelyrecentthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000151; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadfree-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000152; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadfreeextremelyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000153; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlynewestthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000154; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyoriginalthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000155; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyprogressivethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000156; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadgreatlyrenewedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000157; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadhighlyadvancedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000158; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyquickthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000159; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000160; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselystrongthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000161; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadintenselyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000162; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadnewestextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000163; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadnewestgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000164; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadoriginalextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000165; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadoriginalgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000166; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadpreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000167; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadpreciseuberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000168; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadprogressivegreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000169; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadquickextremelyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000170; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrecentextremelythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000171; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrecentoverlyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000172; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrefineduberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000173; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadrenewedgreatlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000174; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadsophisticateduberfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000175; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadstreamlaunch.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000176; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadstrongextremelyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000177; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadstrongintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000178; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loadswiftintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000179; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaduberprecisefile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000180; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loaduberspeedyfile.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000181; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"louisvillegigs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000182; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"loveorfun.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000183; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"lubbockeda.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000184; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"marketloans.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000185; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"matchyourgirl.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000186; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mathison.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000187; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"media-cloud.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000188; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mediaadvanced.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000189; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"meeryslotspin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mindmatch.ai"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobileluckywinner.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"money-hero.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"movievod.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mynutriplan.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"n95o0fxvvw.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newbuy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsinformer.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"official-bigwin-national-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"officialbigwinnationalfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"oldharper.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"olivedinflats.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"online-prize-super-promotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlineprizesuperpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"onlinewinnerluckyrewards.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ouldthepat.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pcsecurity-live.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"photo-explorer.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placesiteb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspind.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
@ -293,14 +293,14 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seasoned.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopadvisors.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
-alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopadvisors.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
+alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
 alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
--- a/dist/pup-filter-snort3.rules
+++ b/dist/pup-filter-snort3.rules
@ -1,13 +1,13 @@
 # Title: PUP Domains Snort3 Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"2021travel.net",nocase; classtype:web-application-activity; sid:300000001; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"4upgradingstablesafe.work",nocase; classtype:web-application-activity; sid:300000002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"abcscience.xyz",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"affiliateland.io",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"amobil.online",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
@ -79,173 +79,173 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000072; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"get-your-score.club",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getbril.io",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getmoregirls.net",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladplacespin.xyz",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.cam",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.monster",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hailso.xyz",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"httqzq.vip",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hypezen.info",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ientsillness.fun",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incing-marganic.icu",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incrediblebuzz.info",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateprogressivecompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatesophisticatedcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"intelectaction.ru",nocase; classtype:web-application-activity; sid:300000101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"investinfo.net",nocase; classtype:web-application-activity; sid:300000102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ironprovpn.me",nocase; classtype:web-application-activity; sid:300000103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"isystemupdate.cloud",nocase; classtype:web-application-activity; sid:300000104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jetsummer.xyz",nocase; classtype:web-application-activity; sid:300000105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jojomamanbebe.ie",nocase; classtype:web-application-activity; sid:300000106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"joyspotmap.xyz",nocase; classtype:web-application-activity; sid:300000107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jtkszl.vip",nocase; classtype:web-application-activity; sid:300000108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataadvance.ru",nocase; classtype:web-application-activity; sid:300000109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataage.ru",nocase; classtype:web-application-activity; sid:300000110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataair.ru",nocase; classtype:web-application-activity; sid:300000111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataalt.ru",nocase; classtype:web-application-activity; sid:300000112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.bar",nocase; classtype:web-application-activity; sid:300000113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.club",nocase; classtype:web-application-activity; sid:300000114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.xyz",nocase; classtype:web-application-activity; sid:300000115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junesmile.xyz",nocase; classtype:web-application-activity; sid:300000116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"keepinfit.net",nocase; classtype:web-application-activity; sid:300000117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumna.xyz",nocase; classtype:web-application-activity; sid:300000118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumne.xyz",nocase; classtype:web-application-activity; sid:300000122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringa.xyz",nocase; classtype:web-application-activity; sid:300000123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringb.xyz",nocase; classtype:web-application-activity; sid:300000124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringc.xyz",nocase; classtype:web-application-activity; sid:300000125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringd.xyz",nocase; classtype:web-application-activity; sid:300000126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringe.xyz",nocase; classtype:web-application-activity; sid:300000127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringf.xyz",nocase; classtype:web-application-activity; sid:300000128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummera.xyz",nocase; classtype:web-application-activity; sid:300000129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerc.xyz",nocase; classtype:web-application-activity; sid:300000130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerd.xyz",nocase; classtype:web-application-activity; sid:300000131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummere.xyz",nocase; classtype:web-application-activity; sid:300000132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerf.xyz",nocase; classtype:web-application-activity; sid:300000133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintera.xyz",nocase; classtype:web-application-activity; sid:300000134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterb.xyz",nocase; classtype:web-application-activity; sid:300000135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterc.xyz",nocase; classtype:web-application-activity; sid:300000136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterd.xyz",nocase; classtype:web-application-activity; sid:300000137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintere.xyz",nocase; classtype:web-application-activity; sid:300000138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"kompsos.uk",nocase; classtype:web-application-activity; sid:300000139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ktpyzw.vip",nocase; classtype:web-application-activity; sid:300000140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lackystack.net",nocase; classtype:web-application-activity; sid:300000141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ligamedia.art",nocase; classtype:web-application-activity; sid:300000142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ligamedia.casa",nocase; classtype:web-application-activity; sid:300000143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ligamedia.club",nocase; classtype:web-application-activity; sid:300000144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"link4updatingcentral.work",nocase; classtype:web-application-activity; sid:300000145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"listenthisso.top",nocase; classtype:web-application-activity; sid:300000146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lltrsknoob.click",nocase; classtype:web-application-activity; sid:300000147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadadvancedextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaddevelopeduberfile.digital",nocase; classtype:web-application-activity; sid:300000149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadextremelycurrentthefile.vip",nocase; classtype:web-application-activity; sid:300000150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadextremelyquickfile.digital",nocase; classtype:web-application-activity; sid:300000151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadextremelyrecentthefile.vip",nocase; classtype:web-application-activity; sid:300000152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadfree-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadfreeextremelyfile.digital",nocase; classtype:web-application-activity; sid:300000154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlynewestthefile.vip",nocase; classtype:web-application-activity; sid:300000155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyoriginalthefile.vip",nocase; classtype:web-application-activity; sid:300000156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyrenewedthefile.vip",nocase; classtype:web-application-activity; sid:300000158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadhighlyadvancedthefile.vip",nocase; classtype:web-application-activity; sid:300000159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyquickthefile.vip",nocase; classtype:web-application-activity; sid:300000160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselystrongthefile.vip",nocase; classtype:web-application-activity; sid:300000162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadnewestextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadnewestgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadoriginalextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadoriginalgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadpreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadpreciseuberfile.digital",nocase; classtype:web-application-activity; sid:300000169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadprogressivegreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadquickextremelyfile.digital",nocase; classtype:web-application-activity; sid:300000171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrecentextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrecentoverlyfile.digital",nocase; classtype:web-application-activity; sid:300000173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrefineduberfile.digital",nocase; classtype:web-application-activity; sid:300000174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrenewedgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadsophisticateduberfile.digital",nocase; classtype:web-application-activity; sid:300000176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadstreamlaunch.digital",nocase; classtype:web-application-activity; sid:300000177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadstrongextremelyfile.digital",nocase; classtype:web-application-activity; sid:300000178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadstrongintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadswiftintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaduberprecisefile.digital",nocase; classtype:web-application-activity; sid:300000181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaduberspeedyfile.digital",nocase; classtype:web-application-activity; sid:300000182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"louisvillegigs.net",nocase; classtype:web-application-activity; sid:300000183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loveorfun.cc",nocase; classtype:web-application-activity; sid:300000184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"marketloans.net",nocase; classtype:web-application-activity; sid:300000186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"matchyourgirl.online",nocase; classtype:web-application-activity; sid:300000187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mathison.io",nocase; classtype:web-application-activity; sid:300000188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"media-cloud.ru",nocase; classtype:web-application-activity; sid:300000189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaadvanced.ru",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"meeryslotspin.xyz",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobileluckywinner.site",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"money-hero.org",nocase; classtype:web-application-activity; sid:300000194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"movievod.me",nocase; classtype:web-application-activity; sid:300000195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mynutriplan.co",nocase; classtype:web-application-activity; sid:300000196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"n95o0fxvvw.top",nocase; classtype:web-application-activity; sid:300000197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newbuy.xyz",nocase; classtype:web-application-activity; sid:300000199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsinformer.net",nocase; classtype:web-application-activity; sid:300000200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"official-bigwin-national-free.cyou",nocase; classtype:web-application-activity; sid:300000203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"officialbigwinnationalfree.cyou",nocase; classtype:web-application-activity; sid:300000204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"oldharper.xyz",nocase; classtype:web-application-activity; sid:300000205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"olivedinflats.space",nocase; classtype:web-application-activity; sid:300000206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"online-prize-super-promotion.cyou",nocase; classtype:web-application-activity; sid:300000207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprize.cyou",nocase; classtype:web-application-activity; sid:300000208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprizesuperpromotion.cyou",nocase; classtype:web-application-activity; sid:300000209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlinewinnerluckyrewards.cyou",nocase; classtype:web-application-activity; sid:300000210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ouldthepat.fun",nocase; classtype:web-application-activity; sid:300000211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumna.xyz",nocase; classtype:web-application-activity; sid:300000212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringa.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringb.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringc.xyz",nocase; classtype:web-application-activity; sid:300000219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringd.xyz",nocase; classtype:web-application-activity; sid:300000220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummera.xyz",nocase; classtype:web-application-activity; sid:300000222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerc.xyz",nocase; classtype:web-application-activity; sid:300000223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerd.xyz",nocase; classtype:web-application-activity; sid:300000224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummere.xyz",nocase; classtype:web-application-activity; sid:300000225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerf.xyz",nocase; classtype:web-application-activity; sid:300000226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintera.xyz",nocase; classtype:web-application-activity; sid:300000227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterb.xyz",nocase; classtype:web-application-activity; sid:300000228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pcsecurity-live.xyz",nocase; classtype:web-application-activity; sid:300000232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placesiteb.xyz",nocase; classtype:web-application-activity; sid:300000235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getmoregirls.net",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladplacespin.xyz",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.cam",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.monster",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hailso.xyz",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"httqzq.vip",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hypezen.info",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ientsillness.fun",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incing-marganic.icu",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incrediblebuzz.info",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatecompletelyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiateprogressivecompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"initiatesophisticatedcompletelythefile.vip",nocase; classtype:web-application-activity; sid:300000099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"intelectaction.ru",nocase; classtype:web-application-activity; sid:300000100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"investinfo.net",nocase; classtype:web-application-activity; sid:300000101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ironprovpn.me",nocase; classtype:web-application-activity; sid:300000102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"isystemupdate.cloud",nocase; classtype:web-application-activity; sid:300000103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jetsummer.xyz",nocase; classtype:web-application-activity; sid:300000104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jojomamanbebe.ie",nocase; classtype:web-application-activity; sid:300000105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"joyspotmap.xyz",nocase; classtype:web-application-activity; sid:300000106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jtkszl.vip",nocase; classtype:web-application-activity; sid:300000107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataadvance.ru",nocase; classtype:web-application-activity; sid:300000108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataage.ru",nocase; classtype:web-application-activity; sid:300000109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataair.ru",nocase; classtype:web-application-activity; sid:300000110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"juicydataalt.ru",nocase; classtype:web-application-activity; sid:300000111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.bar",nocase; classtype:web-application-activity; sid:300000112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.club",nocase; classtype:web-application-activity; sid:300000113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junemedia.xyz",nocase; classtype:web-application-activity; sid:300000114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"junesmile.xyz",nocase; classtype:web-application-activity; sid:300000115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"keepinfit.net",nocase; classtype:web-application-activity; sid:300000116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumna.xyz",nocase; classtype:web-application-activity; sid:300000117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaautumne.xyz",nocase; classtype:web-application-activity; sid:300000121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringa.xyz",nocase; classtype:web-application-activity; sid:300000122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringb.xyz",nocase; classtype:web-application-activity; sid:300000123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringc.xyz",nocase; classtype:web-application-activity; sid:300000124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringd.xyz",nocase; classtype:web-application-activity; sid:300000125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringe.xyz",nocase; classtype:web-application-activity; sid:300000126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalaspringf.xyz",nocase; classtype:web-application-activity; sid:300000127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummera.xyz",nocase; classtype:web-application-activity; sid:300000128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerc.xyz",nocase; classtype:web-application-activity; sid:300000129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerd.xyz",nocase; classtype:web-application-activity; sid:300000130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummere.xyz",nocase; classtype:web-application-activity; sid:300000131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalasummerf.xyz",nocase; classtype:web-application-activity; sid:300000132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintera.xyz",nocase; classtype:web-application-activity; sid:300000133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterb.xyz",nocase; classtype:web-application-activity; sid:300000134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterc.xyz",nocase; classtype:web-application-activity; sid:300000135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawinterd.xyz",nocase; classtype:web-application-activity; sid:300000136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"koalawintere.xyz",nocase; classtype:web-application-activity; sid:300000137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"kompsos.uk",nocase; classtype:web-application-activity; sid:300000138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ktpyzw.vip",nocase; classtype:web-application-activity; sid:300000139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lackystack.net",nocase; classtype:web-application-activity; sid:300000140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ligamedia.art",nocase; classtype:web-application-activity; sid:300000141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ligamedia.casa",nocase; classtype:web-application-activity; sid:300000142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ligamedia.club",nocase; classtype:web-application-activity; sid:300000143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"link4updatingcentral.work",nocase; classtype:web-application-activity; sid:300000144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"listenthisso.top",nocase; classtype:web-application-activity; sid:300000145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lltrsknoob.click",nocase; classtype:web-application-activity; sid:300000146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadadvancedextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaddevelopeduberfile.digital",nocase; classtype:web-application-activity; sid:300000148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadextremelycurrentthefile.vip",nocase; classtype:web-application-activity; sid:300000149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadextremelyquickfile.digital",nocase; classtype:web-application-activity; sid:300000150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadextremelyrecentthefile.vip",nocase; classtype:web-application-activity; sid:300000151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadfree-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadfreeextremelyfile.digital",nocase; classtype:web-application-activity; sid:300000153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlynewestthefile.vip",nocase; classtype:web-application-activity; sid:300000154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyoriginalthefile.vip",nocase; classtype:web-application-activity; sid:300000155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyprogressivethefile.vip",nocase; classtype:web-application-activity; sid:300000156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadgreatlyrenewedthefile.vip",nocase; classtype:web-application-activity; sid:300000157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadhighlyadvancedthefile.vip",nocase; classtype:web-application-activity; sid:300000158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyquickthefile.vip",nocase; classtype:web-application-activity; sid:300000159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselystrongthefile.vip",nocase; classtype:web-application-activity; sid:300000161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadintenselyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadnewestextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadnewestgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadoriginalextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadoriginalgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadpreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadpreciseuberfile.digital",nocase; classtype:web-application-activity; sid:300000168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadprogressivegreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadquickextremelyfile.digital",nocase; classtype:web-application-activity; sid:300000170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrecentextremelythefile.vip",nocase; classtype:web-application-activity; sid:300000171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrecentoverlyfile.digital",nocase; classtype:web-application-activity; sid:300000172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrefineduberfile.digital",nocase; classtype:web-application-activity; sid:300000173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadrenewedgreatlythefile.vip",nocase; classtype:web-application-activity; sid:300000174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadsophisticateduberfile.digital",nocase; classtype:web-application-activity; sid:300000175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadstreamlaunch.digital",nocase; classtype:web-application-activity; sid:300000176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadstrongextremelyfile.digital",nocase; classtype:web-application-activity; sid:300000177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadstrongintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loadswiftintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaduberprecisefile.digital",nocase; classtype:web-application-activity; sid:300000180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loaduberspeedyfile.digital",nocase; classtype:web-application-activity; sid:300000181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"louisvillegigs.net",nocase; classtype:web-application-activity; sid:300000182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"loveorfun.cc",nocase; classtype:web-application-activity; sid:300000183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"lubbockeda.org",nocase; classtype:web-application-activity; sid:300000184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"marketloans.net",nocase; classtype:web-application-activity; sid:300000185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"matchyourgirl.online",nocase; classtype:web-application-activity; sid:300000186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mathison.io",nocase; classtype:web-application-activity; sid:300000187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"media-cloud.ru",nocase; classtype:web-application-activity; sid:300000188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mediaadvanced.ru",nocase; classtype:web-application-activity; sid:300000189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"meeryslotspin.xyz",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mindmatch.ai",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobileluckywinner.site",nocase; classtype:web-application-activity; sid:300000192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"money-hero.org",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"movievod.me",nocase; classtype:web-application-activity; sid:300000194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mynutriplan.co",nocase; classtype:web-application-activity; sid:300000195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"n95o0fxvvw.top",nocase; classtype:web-application-activity; sid:300000196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newbuy.xyz",nocase; classtype:web-application-activity; sid:300000198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsinformer.net",nocase; classtype:web-application-activity; sid:300000199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"official-bigwin-national-free.cyou",nocase; classtype:web-application-activity; sid:300000202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"officialbigwinnationalfree.cyou",nocase; classtype:web-application-activity; sid:300000203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"oldharper.xyz",nocase; classtype:web-application-activity; sid:300000204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"olivedinflats.space",nocase; classtype:web-application-activity; sid:300000205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"online-prize-super-promotion.cyou",nocase; classtype:web-application-activity; sid:300000206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprize.cyou",nocase; classtype:web-application-activity; sid:300000207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlineprizesuperpromotion.cyou",nocase; classtype:web-application-activity; sid:300000208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"onlinewinnerluckyrewards.cyou",nocase; classtype:web-application-activity; sid:300000209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ouldthepat.fun",nocase; classtype:web-application-activity; sid:300000210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumna.xyz",nocase; classtype:web-application-activity; sid:300000211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringa.xyz",nocase; classtype:web-application-activity; sid:300000216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringb.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringc.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringd.xyz",nocase; classtype:web-application-activity; sid:300000219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummera.xyz",nocase; classtype:web-application-activity; sid:300000221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerc.xyz",nocase; classtype:web-application-activity; sid:300000222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerd.xyz",nocase; classtype:web-application-activity; sid:300000223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummere.xyz",nocase; classtype:web-application-activity; sid:300000224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerf.xyz",nocase; classtype:web-application-activity; sid:300000225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintera.xyz",nocase; classtype:web-application-activity; sid:300000226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterb.xyz",nocase; classtype:web-application-activity; sid:300000227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pcsecurity-live.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"photo-explorer.org",nocase; classtype:web-application-activity; sid:300000232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placesiteb.xyz",nocase; classtype:web-application-activity; sid:300000234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspind.xyz",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
@ -293,14 +293,14 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seasoned.co",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopadvisors.net",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopadvisors.net",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
--- a/dist/pup-filter-suricata.rules
+++ b/dist/pup-filter-suricata.rules
@ -1,13 +1,13 @@
 # Title: PUP Domains Suricata Ruleset
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2021travel.net"; classtype:web-application-activity; sid:300000001; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4upgradingstablesafe.work"; classtype:web-application-activity; sid:300000002; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abcscience.xyz"; classtype:web-application-activity; sid:300000003; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"affiliateland.io"; classtype:web-application-activity; sid:300000003; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000004; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amobil.online"; classtype:web-application-activity; sid:300000005; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000006; rev:1;)
@ -79,173 +79,173 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000072; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000073; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"get-your-score.club"; classtype:web-application-activity; sid:300000074; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getbril.io"; classtype:web-application-activity; sid:300000075; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getmoregirls.net"; classtype:web-application-activity; sid:300000076; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000077; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000078; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladplacespin.xyz"; classtype:web-application-activity; sid:300000079; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000080; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.cam"; classtype:web-application-activity; sid:300000081; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.monster"; classtype:web-application-activity; sid:300000082; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000083; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000084; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000085; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hailso.xyz"; classtype:web-application-activity; sid:300000086; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000087; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000088; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000089; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httqzq.vip"; classtype:web-application-activity; sid:300000090; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypezen.info"; classtype:web-application-activity; sid:300000091; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ientsillness.fun"; classtype:web-application-activity; sid:300000092; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000093; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incing-marganic.icu"; classtype:web-application-activity; sid:300000094; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incrediblebuzz.info"; classtype:web-application-activity; sid:300000095; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprecisethefile.vip"; classtype:web-application-activity; sid:300000096; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprogressivethefile.vip"; classtype:web-application-activity; sid:300000097; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyspeedythefile.vip"; classtype:web-application-activity; sid:300000098; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateprogressivecompletelythefile.vip"; classtype:web-application-activity; sid:300000099; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatesophisticatedcompletelythefile.vip"; classtype:web-application-activity; sid:300000100; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intelectaction.ru"; classtype:web-application-activity; sid:300000101; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investinfo.net"; classtype:web-application-activity; sid:300000102; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironprovpn.me"; classtype:web-application-activity; sid:300000103; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isystemupdate.cloud"; classtype:web-application-activity; sid:300000104; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jetsummer.xyz"; classtype:web-application-activity; sid:300000105; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jojomamanbebe.ie"; classtype:web-application-activity; sid:300000106; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joyspotmap.xyz"; classtype:web-application-activity; sid:300000107; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jtkszl.vip"; classtype:web-application-activity; sid:300000108; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataadvance.ru"; classtype:web-application-activity; sid:300000109; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataage.ru"; classtype:web-application-activity; sid:300000110; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataair.ru"; classtype:web-application-activity; sid:300000111; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataalt.ru"; classtype:web-application-activity; sid:300000112; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.bar"; classtype:web-application-activity; sid:300000113; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.club"; classtype:web-application-activity; sid:300000114; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.xyz"; classtype:web-application-activity; sid:300000115; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junesmile.xyz"; classtype:web-application-activity; sid:300000116; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keepinfit.net"; classtype:web-application-activity; sid:300000117; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumna.xyz"; classtype:web-application-activity; sid:300000118; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnb.xyz"; classtype:web-application-activity; sid:300000119; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnc.xyz"; classtype:web-application-activity; sid:300000120; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnd.xyz"; classtype:web-application-activity; sid:300000121; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumne.xyz"; classtype:web-application-activity; sid:300000122; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringa.xyz"; classtype:web-application-activity; sid:300000123; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringb.xyz"; classtype:web-application-activity; sid:300000124; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringc.xyz"; classtype:web-application-activity; sid:300000125; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringd.xyz"; classtype:web-application-activity; sid:300000126; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringe.xyz"; classtype:web-application-activity; sid:300000127; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringf.xyz"; classtype:web-application-activity; sid:300000128; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummera.xyz"; classtype:web-application-activity; sid:300000129; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerc.xyz"; classtype:web-application-activity; sid:300000130; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerd.xyz"; classtype:web-application-activity; sid:300000131; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummere.xyz"; classtype:web-application-activity; sid:300000132; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerf.xyz"; classtype:web-application-activity; sid:300000133; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintera.xyz"; classtype:web-application-activity; sid:300000134; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterb.xyz"; classtype:web-application-activity; sid:300000135; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterc.xyz"; classtype:web-application-activity; sid:300000136; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterd.xyz"; classtype:web-application-activity; sid:300000137; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintere.xyz"; classtype:web-application-activity; sid:300000138; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kompsos.uk"; classtype:web-application-activity; sid:300000139; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ktpyzw.vip"; classtype:web-application-activity; sid:300000140; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lackystack.net"; classtype:web-application-activity; sid:300000141; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ligamedia.art"; classtype:web-application-activity; sid:300000142; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ligamedia.casa"; classtype:web-application-activity; sid:300000143; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ligamedia.club"; classtype:web-application-activity; sid:300000144; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"link4updatingcentral.work"; classtype:web-application-activity; sid:300000145; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"listenthisso.top"; classtype:web-application-activity; sid:300000146; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lltrsknoob.click"; classtype:web-application-activity; sid:300000147; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadadvancedextremelythefile.vip"; classtype:web-application-activity; sid:300000148; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaddevelopeduberfile.digital"; classtype:web-application-activity; sid:300000149; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadextremelycurrentthefile.vip"; classtype:web-application-activity; sid:300000150; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadextremelyquickfile.digital"; classtype:web-application-activity; sid:300000151; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadextremelyrecentthefile.vip"; classtype:web-application-activity; sid:300000152; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadfree-bestheavilyfile.best"; classtype:web-application-activity; sid:300000153; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadfreeextremelyfile.digital"; classtype:web-application-activity; sid:300000154; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlynewestthefile.vip"; classtype:web-application-activity; sid:300000155; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyoriginalthefile.vip"; classtype:web-application-activity; sid:300000156; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyprogressivethefile.vip"; classtype:web-application-activity; sid:300000157; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyrenewedthefile.vip"; classtype:web-application-activity; sid:300000158; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadhighlyadvancedthefile.vip"; classtype:web-application-activity; sid:300000159; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyquickthefile.vip"; classtype:web-application-activity; sid:300000160; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyspeedythefile.vip"; classtype:web-application-activity; sid:300000161; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselystrongthefile.vip"; classtype:web-application-activity; sid:300000162; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyswiftthefile.vip"; classtype:web-application-activity; sid:300000163; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadnewestextremelythefile.vip"; classtype:web-application-activity; sid:300000164; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadnewestgreatlythefile.vip"; classtype:web-application-activity; sid:300000165; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadoriginalextremelythefile.vip"; classtype:web-application-activity; sid:300000166; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadoriginalgreatlythefile.vip"; classtype:web-application-activity; sid:300000167; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadpreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000168; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadpreciseuberfile.digital"; classtype:web-application-activity; sid:300000169; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadprogressivegreatlythefile.vip"; classtype:web-application-activity; sid:300000170; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadquickextremelyfile.digital"; classtype:web-application-activity; sid:300000171; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrecentextremelythefile.vip"; classtype:web-application-activity; sid:300000172; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrecentoverlyfile.digital"; classtype:web-application-activity; sid:300000173; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrefineduberfile.digital"; classtype:web-application-activity; sid:300000174; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrenewedgreatlythefile.vip"; classtype:web-application-activity; sid:300000175; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadsophisticateduberfile.digital"; classtype:web-application-activity; sid:300000176; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadstreamlaunch.digital"; classtype:web-application-activity; sid:300000177; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadstrongextremelyfile.digital"; classtype:web-application-activity; sid:300000178; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadstrongintenselythefile.vip"; classtype:web-application-activity; sid:300000179; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadswiftintenselythefile.vip"; classtype:web-application-activity; sid:300000180; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaduberprecisefile.digital"; classtype:web-application-activity; sid:300000181; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaduberspeedyfile.digital"; classtype:web-application-activity; sid:300000182; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"louisvillegigs.net"; classtype:web-application-activity; sid:300000183; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000184; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000185; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketloans.net"; classtype:web-application-activity; sid:300000186; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matchyourgirl.online"; classtype:web-application-activity; sid:300000187; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mathison.io"; classtype:web-application-activity; sid:300000188; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"media-cloud.ru"; classtype:web-application-activity; sid:300000189; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaadvanced.ru"; classtype:web-application-activity; sid:300000190; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeryslotspin.xyz"; classtype:web-application-activity; sid:300000191; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000192; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobileluckywinner.site"; classtype:web-application-activity; sid:300000193; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"money-hero.org"; classtype:web-application-activity; sid:300000194; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"movievod.me"; classtype:web-application-activity; sid:300000195; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mynutriplan.co"; classtype:web-application-activity; sid:300000196; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n95o0fxvvw.top"; classtype:web-application-activity; sid:300000197; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000198; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newbuy.xyz"; classtype:web-application-activity; sid:300000199; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsinformer.net"; classtype:web-application-activity; sid:300000200; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000201; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000202; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"official-bigwin-national-free.cyou"; classtype:web-application-activity; sid:300000203; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialbigwinnationalfree.cyou"; classtype:web-application-activity; sid:300000204; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oldharper.xyz"; classtype:web-application-activity; sid:300000205; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olivedinflats.space"; classtype:web-application-activity; sid:300000206; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online-prize-super-promotion.cyou"; classtype:web-application-activity; sid:300000207; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprize.cyou"; classtype:web-application-activity; sid:300000208; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprizesuperpromotion.cyou"; classtype:web-application-activity; sid:300000209; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlinewinnerluckyrewards.cyou"; classtype:web-application-activity; sid:300000210; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ouldthepat.fun"; classtype:web-application-activity; sid:300000211; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumna.xyz"; classtype:web-application-activity; sid:300000212; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnb.xyz"; classtype:web-application-activity; sid:300000213; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnc.xyz"; classtype:web-application-activity; sid:300000214; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnd.xyz"; classtype:web-application-activity; sid:300000215; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnf.xyz"; classtype:web-application-activity; sid:300000216; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringa.xyz"; classtype:web-application-activity; sid:300000217; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringb.xyz"; classtype:web-application-activity; sid:300000218; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringc.xyz"; classtype:web-application-activity; sid:300000219; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringd.xyz"; classtype:web-application-activity; sid:300000220; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000221; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummera.xyz"; classtype:web-application-activity; sid:300000222; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerc.xyz"; classtype:web-application-activity; sid:300000223; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerd.xyz"; classtype:web-application-activity; sid:300000224; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummere.xyz"; classtype:web-application-activity; sid:300000225; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerf.xyz"; classtype:web-application-activity; sid:300000226; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintera.xyz"; classtype:web-application-activity; sid:300000227; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterb.xyz"; classtype:web-application-activity; sid:300000228; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000229; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000230; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000231; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcsecurity-live.xyz"; classtype:web-application-activity; sid:300000232; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000233; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000234; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000235; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000236; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000237; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000238; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000239; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000240; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000241; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getmoregirls.net"; classtype:web-application-activity; sid:300000075; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000076; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000077; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladplacespin.xyz"; classtype:web-application-activity; sid:300000078; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000079; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.cam"; classtype:web-application-activity; sid:300000080; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.monster"; classtype:web-application-activity; sid:300000081; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000082; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000083; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000084; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hailso.xyz"; classtype:web-application-activity; sid:300000085; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000086; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000087; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000088; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httqzq.vip"; classtype:web-application-activity; sid:300000089; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypezen.info"; classtype:web-application-activity; sid:300000090; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ientsillness.fun"; classtype:web-application-activity; sid:300000091; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000092; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incing-marganic.icu"; classtype:web-application-activity; sid:300000093; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incrediblebuzz.info"; classtype:web-application-activity; sid:300000094; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprecisethefile.vip"; classtype:web-application-activity; sid:300000095; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyprogressivethefile.vip"; classtype:web-application-activity; sid:300000096; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatecompletelyspeedythefile.vip"; classtype:web-application-activity; sid:300000097; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiateprogressivecompletelythefile.vip"; classtype:web-application-activity; sid:300000098; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"initiatesophisticatedcompletelythefile.vip"; classtype:web-application-activity; sid:300000099; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intelectaction.ru"; classtype:web-application-activity; sid:300000100; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investinfo.net"; classtype:web-application-activity; sid:300000101; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironprovpn.me"; classtype:web-application-activity; sid:300000102; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isystemupdate.cloud"; classtype:web-application-activity; sid:300000103; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jetsummer.xyz"; classtype:web-application-activity; sid:300000104; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jojomamanbebe.ie"; classtype:web-application-activity; sid:300000105; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joyspotmap.xyz"; classtype:web-application-activity; sid:300000106; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jtkszl.vip"; classtype:web-application-activity; sid:300000107; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataadvance.ru"; classtype:web-application-activity; sid:300000108; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataage.ru"; classtype:web-application-activity; sid:300000109; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataair.ru"; classtype:web-application-activity; sid:300000110; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"juicydataalt.ru"; classtype:web-application-activity; sid:300000111; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.bar"; classtype:web-application-activity; sid:300000112; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.club"; classtype:web-application-activity; sid:300000113; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junemedia.xyz"; classtype:web-application-activity; sid:300000114; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"junesmile.xyz"; classtype:web-application-activity; sid:300000115; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"keepinfit.net"; classtype:web-application-activity; sid:300000116; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumna.xyz"; classtype:web-application-activity; sid:300000117; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnb.xyz"; classtype:web-application-activity; sid:300000118; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnc.xyz"; classtype:web-application-activity; sid:300000119; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumnd.xyz"; classtype:web-application-activity; sid:300000120; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaautumne.xyz"; classtype:web-application-activity; sid:300000121; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringa.xyz"; classtype:web-application-activity; sid:300000122; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringb.xyz"; classtype:web-application-activity; sid:300000123; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringc.xyz"; classtype:web-application-activity; sid:300000124; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringd.xyz"; classtype:web-application-activity; sid:300000125; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringe.xyz"; classtype:web-application-activity; sid:300000126; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalaspringf.xyz"; classtype:web-application-activity; sid:300000127; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummera.xyz"; classtype:web-application-activity; sid:300000128; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerc.xyz"; classtype:web-application-activity; sid:300000129; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerd.xyz"; classtype:web-application-activity; sid:300000130; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummere.xyz"; classtype:web-application-activity; sid:300000131; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalasummerf.xyz"; classtype:web-application-activity; sid:300000132; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintera.xyz"; classtype:web-application-activity; sid:300000133; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterb.xyz"; classtype:web-application-activity; sid:300000134; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterc.xyz"; classtype:web-application-activity; sid:300000135; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawinterd.xyz"; classtype:web-application-activity; sid:300000136; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"koalawintere.xyz"; classtype:web-application-activity; sid:300000137; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kompsos.uk"; classtype:web-application-activity; sid:300000138; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ktpyzw.vip"; classtype:web-application-activity; sid:300000139; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lackystack.net"; classtype:web-application-activity; sid:300000140; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ligamedia.art"; classtype:web-application-activity; sid:300000141; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ligamedia.casa"; classtype:web-application-activity; sid:300000142; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ligamedia.club"; classtype:web-application-activity; sid:300000143; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"link4updatingcentral.work"; classtype:web-application-activity; sid:300000144; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"listenthisso.top"; classtype:web-application-activity; sid:300000145; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lltrsknoob.click"; classtype:web-application-activity; sid:300000146; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadadvancedextremelythefile.vip"; classtype:web-application-activity; sid:300000147; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaddevelopeduberfile.digital"; classtype:web-application-activity; sid:300000148; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadextremelycurrentthefile.vip"; classtype:web-application-activity; sid:300000149; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadextremelyquickfile.digital"; classtype:web-application-activity; sid:300000150; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadextremelyrecentthefile.vip"; classtype:web-application-activity; sid:300000151; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadfree-bestheavilyfile.best"; classtype:web-application-activity; sid:300000152; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadfreeextremelyfile.digital"; classtype:web-application-activity; sid:300000153; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlynewestthefile.vip"; classtype:web-application-activity; sid:300000154; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyoriginalthefile.vip"; classtype:web-application-activity; sid:300000155; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyprogressivethefile.vip"; classtype:web-application-activity; sid:300000156; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatlyrenewedthefile.vip"; classtype:web-application-activity; sid:300000157; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadhighlyadvancedthefile.vip"; classtype:web-application-activity; sid:300000158; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyquickthefile.vip"; classtype:web-application-activity; sid:300000159; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyspeedythefile.vip"; classtype:web-application-activity; sid:300000160; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselystrongthefile.vip"; classtype:web-application-activity; sid:300000161; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadintenselyswiftthefile.vip"; classtype:web-application-activity; sid:300000162; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadnewestextremelythefile.vip"; classtype:web-application-activity; sid:300000163; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadnewestgreatlythefile.vip"; classtype:web-application-activity; sid:300000164; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadoriginalextremelythefile.vip"; classtype:web-application-activity; sid:300000165; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadoriginalgreatlythefile.vip"; classtype:web-application-activity; sid:300000166; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadpreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000167; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadpreciseuberfile.digital"; classtype:web-application-activity; sid:300000168; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadprogressivegreatlythefile.vip"; classtype:web-application-activity; sid:300000169; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadquickextremelyfile.digital"; classtype:web-application-activity; sid:300000170; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrecentextremelythefile.vip"; classtype:web-application-activity; sid:300000171; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrecentoverlyfile.digital"; classtype:web-application-activity; sid:300000172; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrefineduberfile.digital"; classtype:web-application-activity; sid:300000173; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadrenewedgreatlythefile.vip"; classtype:web-application-activity; sid:300000174; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadsophisticateduberfile.digital"; classtype:web-application-activity; sid:300000175; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadstreamlaunch.digital"; classtype:web-application-activity; sid:300000176; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadstrongextremelyfile.digital"; classtype:web-application-activity; sid:300000177; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadstrongintenselythefile.vip"; classtype:web-application-activity; sid:300000178; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadswiftintenselythefile.vip"; classtype:web-application-activity; sid:300000179; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaduberprecisefile.digital"; classtype:web-application-activity; sid:300000180; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loaduberspeedyfile.digital"; classtype:web-application-activity; sid:300000181; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"louisvillegigs.net"; classtype:web-application-activity; sid:300000182; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000183; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lubbockeda.org"; classtype:web-application-activity; sid:300000184; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"marketloans.net"; classtype:web-application-activity; sid:300000185; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"matchyourgirl.online"; classtype:web-application-activity; sid:300000186; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mathison.io"; classtype:web-application-activity; sid:300000187; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"media-cloud.ru"; classtype:web-application-activity; sid:300000188; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaadvanced.ru"; classtype:web-application-activity; sid:300000189; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeryslotspin.xyz"; classtype:web-application-activity; sid:300000190; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000191; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobileluckywinner.site"; classtype:web-application-activity; sid:300000192; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"money-hero.org"; classtype:web-application-activity; sid:300000193; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"movievod.me"; classtype:web-application-activity; sid:300000194; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mynutriplan.co"; classtype:web-application-activity; sid:300000195; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"n95o0fxvvw.top"; classtype:web-application-activity; sid:300000196; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000197; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newbuy.xyz"; classtype:web-application-activity; sid:300000198; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsinformer.net"; classtype:web-application-activity; sid:300000199; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000200; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000201; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"official-bigwin-national-free.cyou"; classtype:web-application-activity; sid:300000202; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"officialbigwinnationalfree.cyou"; classtype:web-application-activity; sid:300000203; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"oldharper.xyz"; classtype:web-application-activity; sid:300000204; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"olivedinflats.space"; classtype:web-application-activity; sid:300000205; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"online-prize-super-promotion.cyou"; classtype:web-application-activity; sid:300000206; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprize.cyou"; classtype:web-application-activity; sid:300000207; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlineprizesuperpromotion.cyou"; classtype:web-application-activity; sid:300000208; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlinewinnerluckyrewards.cyou"; classtype:web-application-activity; sid:300000209; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ouldthepat.fun"; classtype:web-application-activity; sid:300000210; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumna.xyz"; classtype:web-application-activity; sid:300000211; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnb.xyz"; classtype:web-application-activity; sid:300000212; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnc.xyz"; classtype:web-application-activity; sid:300000213; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnd.xyz"; classtype:web-application-activity; sid:300000214; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnf.xyz"; classtype:web-application-activity; sid:300000215; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringa.xyz"; classtype:web-application-activity; sid:300000216; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringb.xyz"; classtype:web-application-activity; sid:300000217; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringc.xyz"; classtype:web-application-activity; sid:300000218; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringd.xyz"; classtype:web-application-activity; sid:300000219; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000220; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummera.xyz"; classtype:web-application-activity; sid:300000221; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerc.xyz"; classtype:web-application-activity; sid:300000222; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerd.xyz"; classtype:web-application-activity; sid:300000223; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummere.xyz"; classtype:web-application-activity; sid:300000224; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerf.xyz"; classtype:web-application-activity; sid:300000225; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintera.xyz"; classtype:web-application-activity; sid:300000226; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterb.xyz"; classtype:web-application-activity; sid:300000227; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000228; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000229; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000230; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcsecurity-live.xyz"; classtype:web-application-activity; sid:300000231; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"photo-explorer.org"; classtype:web-application-activity; sid:300000232; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000233; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000234; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000235; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000236; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000237; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000238; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000239; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000240; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000241; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000242; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspind.xyz"; classtype:web-application-activity; sid:300000243; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000244; rev:1;)
@ -293,14 +293,14 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000286; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000287; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000288; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seasoned.co"; classtype:web-application-activity; sid:300000289; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000290; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000291; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000292; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000293; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopadvisors.net"; classtype:web-application-activity; sid:300000294; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000295; rev:1;)
-alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000296; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000289; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000290; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000291; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000292; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopadvisors.net"; classtype:web-application-activity; sid:300000293; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000294; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000295; rev:1;)
+alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000296; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000297; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000298; rev:1;)
 alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000299; rev:1;)
--- a/dist/pup-filter-unbound.conf
+++ b/dist/pup-filter-unbound.conf
@ -1,13 +1,13 @@
 # Title: PUP Domains Unbound Blocklist
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
 # Source: https://github.com/zhouhanc/malware-discoverer
 local-zone: "2021travel.net" always_nxdomain
 local-zone: "4upgradingstablesafe.work" always_nxdomain
-local-zone: "abcscience.xyz" always_nxdomain
+local-zone: "affiliateland.io" always_nxdomain
 local-zone: "aikoo.club" always_nxdomain
 local-zone: "amobil.online" always_nxdomain
 local-zone: "appzfirer.biz" always_nxdomain
@ -79,7 +79,6 @@ local-zone: "funny-media.ru" always_nxdomain
 local-zone: "funspine.xyz" always_nxdomain
 local-zone: "genertellife.it" always_nxdomain
 local-zone: "get-your-score.club" always_nxdomain
-local-zone: "getbril.io" always_nxdomain
 local-zone: "getmoregirls.net" always_nxdomain
 local-zone: "girlsnearyou.online" always_nxdomain
 local-zone: "gladmstreet.xyz" always_nxdomain
@ -246,6 +245,7 @@ local-zone: "playautumnb.xyz" always_nxdomain
 local-zone: "playautumnc.xyz" always_nxdomain
 local-zone: "playautumnd.xyz" always_nxdomain
 local-zone: "playautumne.xyz" always_nxdomain
+local-zone: "playautumnf.xyz" always_nxdomain
 local-zone: "playplanete.xyz" always_nxdomain
 local-zone: "playspind.xyz" always_nxdomain
 local-zone: "playspringa.xyz" always_nxdomain
@ -293,7 +293,6 @@ local-zone: "search4theupdatefree.work" always_nxdomain
 local-zone: "search4theupgradeset.info" always_nxdomain
 local-zone: "search4upgradingset.info" always_nxdomain
 local-zone: "searchmgr.online" always_nxdomain
-local-zone: "seasoned.co" always_nxdomain
 local-zone: "securitevpn.me" always_nxdomain
 local-zone: "securityvpnpro.me" always_nxdomain
 local-zone: "sergey-tracks.xyz" always_nxdomain
@ -301,6 +300,7 @@ local-zone: "settothereliableupgradingnew.work" always_nxdomain
 local-zone: "shopadvisors.net" always_nxdomain
 local-zone: "shopin.nyc" always_nxdomain
 local-zone: "shopnsave.world" always_nxdomain
+local-zone: "signupandturnyourscreenoffsafepowernow.date" always_nxdomain
 local-zone: "smartideas.pro" always_nxdomain
 local-zone: "spotmapd.xyz" always_nxdomain
 local-zone: "spotmapf.xyz" always_nxdomain
--- a/dist/pup-filter-vivaldi.txt
+++ b/dist/pup-filter-vivaldi.txt
@ -1,13 +1,13 @@
 ! Title: PUP Domains Blocklist (Vivaldi)
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Wed, 13 Oct 2021 00:02:41 +0000
+! Updated: Wed, 13 Oct 2021 12:03:08 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
 ! Source: https://github.com/zhouhanc/malware-discoverer
 ||2021travel.net$document
 ||4upgradingstablesafe.work$document
-||abcscience.xyz$document
+||affiliateland.io$document
 ||aikoo.club$document
 ||amobil.online$document
 ||appzfirer.biz$document
@ -79,7 +79,6 @@
 ||funspine.xyz$document
 ||genertellife.it$document
 ||get-your-score.club$document
-||getbril.io$document
 ||getmoregirls.net$document
 ||girlsnearyou.online$document
 ||gladmstreet.xyz$document
@ -246,6 +245,7 @@
 ||playautumnc.xyz$document
 ||playautumnd.xyz$document
 ||playautumne.xyz$document
+||playautumnf.xyz$document
 ||playplanete.xyz$document
 ||playspind.xyz$document
 ||playspringa.xyz$document
@ -293,7 +293,6 @@
 ||search4theupgradeset.info$document
 ||search4upgradingset.info$document
 ||searchmgr.online$document
-||seasoned.co$document
 ||securitevpn.me$document
 ||securityvpnpro.me$document
 ||sergey-tracks.xyz$document
@ -301,6 +300,7 @@
 ||shopadvisors.net$document
 ||shopin.nyc$document
 ||shopnsave.world$document
+||signupandturnyourscreenoffsafepowernow.date$document
 ||smartideas.pro$document
 ||spotmapd.xyz$document
 ||spotmapf.xyz$document
--- a/dist/pup-filter.tpl
+++ b/dist/pup-filter.tpl
@ -1,7 +1,7 @@
 msFilterList
 # Title: PUP Hosts Blocklist (IE)
 # Description: Block domains that host potentially unwanted programs (PUP)
-# Updated: Wed, 13 Oct 2021 00:02:41 +0000
+# Updated: Wed, 13 Oct 2021 12:03:08 +0000
 # Expires: 1 day (update frequency)
 # Homepage: https://gitlab.com/curben/pup-filter
 # License: https://gitlab.com/curben/pup-filter#license
@ -10,7 +10,7 @@ msFilterList
 #
 -d 2021travel.net
 -d 4upgradingstablesafe.work
-d abcscience.xyz
+-d affiliateland.io
 -d aikoo.club
 -d amobil.online
 -d appzfirer.biz
@ -82,7 +82,6 @@ msFilterList
 -d funspine.xyz
 -d genertellife.it
 -d get-your-score.club
-d getbril.io
 -d getmoregirls.net
 -d girlsnearyou.online
 -d gladmstreet.xyz
@ -249,6 +248,7 @@ msFilterList
 -d playautumnc.xyz
 -d playautumnd.xyz
 -d playautumne.xyz
+-d playautumnf.xyz
 -d playplanete.xyz
 -d playspind.xyz
 -d playspringa.xyz
@ -296,7 +296,6 @@ msFilterList
 -d search4theupgradeset.info
 -d search4upgradingset.info
 -d searchmgr.online
-d seasoned.co
 -d securitevpn.me
 -d securityvpnpro.me
 -d sergey-tracks.xyz
@ -304,6 +303,7 @@ msFilterList
 -d shopadvisors.net
 -d shopin.nyc
 -d shopnsave.world
+-d signupandturnyourscreenoffsafepowernow.date
 -d smartideas.pro
 -d spotmapd.xyz
 -d spotmapf.xyz
--- a/dist/pup-filter.txt
+++ b/dist/pup-filter.txt
@ -1,13 +1,13 @@
 ! Title: PUP Domains Blocklist
 ! Description: Block domains that host potentially unwanted programs (PUP)
-! Updated: Wed, 13 Oct 2021 00:02:41 +0000
+! Updated: Wed, 13 Oct 2021 12:03:08 +0000
 ! Expires: 1 day (update frequency)
 ! Homepage: https://gitlab.com/curben/pup-filter
 ! License: https://gitlab.com/curben/pup-filter#license
 ! Source: https://github.com/zhouhanc/malware-discoverer
 2021travel.net
 4upgradingstablesafe.work
-abcscience.xyz
+affiliateland.io
 aikoo.club
 amobil.online
 appzfirer.biz
@ -79,7 +79,6 @@ funny-media.ru
 funspine.xyz
 genertellife.it
 get-your-score.club
-getbril.io
 getmoregirls.net
 girlsnearyou.online
 gladmstreet.xyz
@ -246,6 +245,7 @@ playautumnb.xyz
 playautumnc.xyz
 playautumnd.xyz
 playautumne.xyz
+playautumnf.xyz
 playplanete.xyz
 playspind.xyz
 playspringa.xyz
@ -293,7 +293,6 @@ search4theupdatefree.work
 search4theupgradeset.info
 search4upgradingset.info
 searchmgr.online
-seasoned.co
 securitevpn.me
 securityvpnpro.me
 sergey-tracks.xyz
@ -301,6 +300,7 @@ settothereliableupgradingnew.work
 shopadvisors.net
 shopin.nyc
 shopnsave.world
+signupandturnyourscreenoffsafepowernow.date
 smartideas.pro
 spotmapd.xyz
 spotmapf.xyz