curben
/
pup-filter
mirror of https://gitlab.com/malware-filter/pup-filter.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter updated: Thu, 05 Aug 2021 12:03:24 +0000

This commit is contained in:
curben-bot 2021-08-05 12:03:24 +00:00
parent 8d244cf18f
commit b23cd0d0f9
15 changed files with 265 additions and 265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dist/pup-filter-ag.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 05 Aug 2021 00:03:34 +0000
! Updated: Thu, 05 Aug 2021 12:03:24 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@
||gramp.xyz$all
||grandencryptions.me$all
||growthnetic.club$all
||gx8uxvn13l.top$all
||hailso.xyz$all
||happymakesite.xyz$all
||healandgrow.club$all
@ -153,7 +154,6 @@
||hypezen.info$all
||ientsillness.fun$all
||imagefind.org$all
||incing-marganic.icu$all
||incrediblebuzz.info$all
||information.casa$all
||installcompletely-theoriginalfile.best$all
@ -300,7 +300,6 @@
||quantum.work$all
||quatrefeuillepolonaise.xyz$all
||rainlonginsect23.life$all
||rancy.xyz$all
||random-prize-bigwin-official.cyou$all
||randomprizebigwinofficial.cyou$all
||resignation.top$all
@ -355,6 +354,7 @@
||startos.win$all
||stay-notified.cc$all
||stickr.co$all
||stogether.fun$all
||streamadvanced-bestcompletelyfile.best$all
||streamadvanced-bestextremelyfile.best$all
||streamdeveloped-bestoverlyfile.best$all

6
dist/pup-filter-agh.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard Home)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 05 Aug 2021 00:03:34 +0000
! Updated: Thu, 05 Aug 2021 12:03:24 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@
||gramp.xyz^
||grandencryptions.me^
||growthnetic.club^
||gx8uxvn13l.top^
||hailso.xyz^
||happymakesite.xyz^
||healandgrow.club^
@ -153,7 +154,6 @@
||hypezen.info^
||ientsillness.fun^
||imagefind.org^
||incing-marganic.icu^
||incrediblebuzz.info^
||information.casa^
||installcompletely-theoriginalfile.best^
@ -300,7 +300,6 @@
||quantum.work^
||quatrefeuillepolonaise.xyz^
||rainlonginsect23.life^
||rancy.xyz^
||random-prize-bigwin-official.cyou^
||randomprizebigwinofficial.cyou^
||resignation.top^
@ -355,6 +354,7 @@
||startos.win^
||stay-notified.cc^
||stickr.co^
||stogether.fun^
||streamadvanced-bestcompletelyfile.best^
||streamadvanced-bestextremelyfile.best^
||streamdeveloped-bestoverlyfile.best^

6
dist/pup-filter-bind.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains BIND Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@ zone "graburprize.net" { type master; notify no; file "null.zone.file"; };
zone "gramp.xyz" { type master; notify no; file "null.zone.file"; };
zone "grandencryptions.me" { type master; notify no; file "null.zone.file"; };
zone "growthnetic.club" { type master; notify no; file "null.zone.file"; };
zone "gx8uxvn13l.top" { type master; notify no; file "null.zone.file"; };
zone "hailso.xyz" { type master; notify no; file "null.zone.file"; };
zone "happymakesite.xyz" { type master; notify no; file "null.zone.file"; };
zone "healandgrow.club" { type master; notify no; file "null.zone.file"; };
@ -153,7 +154,6 @@ zone "httqzq.vip" { type master; notify no; file "null.zone.file"; };
zone "hypezen.info" { type master; notify no; file "null.zone.file"; };
zone "ientsillness.fun" { type master; notify no; file "null.zone.file"; };
zone "imagefind.org" { type master; notify no; file "null.zone.file"; };
zone "incing-marganic.icu" { type master; notify no; file "null.zone.file"; };
zone "incrediblebuzz.info" { type master; notify no; file "null.zone.file"; };
zone "information.casa" { type master; notify no; file "null.zone.file"; };
zone "installcompletely-theoriginalfile.best" { type master; notify no; file "null.zone.file"; };
@ -300,7 +300,6 @@ zone "qh97dkzy20.top" { type master; notify no; file "null.zone.file"; };
zone "quantum.work" { type master; notify no; file "null.zone.file"; };
zone "quatrefeuillepolonaise.xyz" { type master; notify no; file "null.zone.file"; };
zone "rainlonginsect23.life" { type master; notify no; file "null.zone.file"; };
zone "rancy.xyz" { type master; notify no; file "null.zone.file"; };
zone "random-prize-bigwin-official.cyou" { type master; notify no; file "null.zone.file"; };
zone "randomprizebigwinofficial.cyou" { type master; notify no; file "null.zone.file"; };
zone "resignation.top" { type master; notify no; file "null.zone.file"; };
@ -355,6 +354,7 @@ zone "start-page.one" { type master; notify no; file "null.zone.file"; };
zone "startos.win" { type master; notify no; file "null.zone.file"; };
zone "stay-notified.cc" { type master; notify no; file "null.zone.file"; };
zone "stickr.co" { type master; notify no; file "null.zone.file"; };
zone "stogether.fun" { type master; notify no; file "null.zone.file"; };
zone "streamadvanced-bestcompletelyfile.best" { type master; notify no; file "null.zone.file"; };
zone "streamadvanced-bestextremelyfile.best" { type master; notify no; file "null.zone.file"; };
zone "streamdeveloped-bestoverlyfile.best" { type master; notify no; file "null.zone.file"; };

6
dist/pup-filter-dnscrypt-blocked-names.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Names Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@ graburprize.net
gramp.xyz
grandencryptions.me
growthnetic.club
gx8uxvn13l.top
hailso.xyz
happymakesite.xyz
healandgrow.club
@ -153,7 +154,6 @@ httqzq.vip
hypezen.info
ientsillness.fun
imagefind.org
incing-marganic.icu
incrediblebuzz.info
information.casa
installcompletely-theoriginalfile.best
@ -300,7 +300,6 @@ qh97dkzy20.top
quantum.work
quatrefeuillepolonaise.xyz
rainlonginsect23.life
rancy.xyz
random-prize-bigwin-official.cyou
randomprizebigwinofficial.cyou
resignation.top
@ -355,6 +354,7 @@ start-page.one
startos.win
stay-notified.cc
stickr.co
stogether.fun
streamadvanced-bestcompletelyfile.best
streamadvanced-bestextremelyfile.best
streamdeveloped-bestoverlyfile.best

6
dist/pup-filter-dnsmasq.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains dnsmasq Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@ address=/graburprize.net/0.0.0.0
address=/gramp.xyz/0.0.0.0
address=/grandencryptions.me/0.0.0.0
address=/growthnetic.club/0.0.0.0
address=/gx8uxvn13l.top/0.0.0.0
address=/hailso.xyz/0.0.0.0
address=/happymakesite.xyz/0.0.0.0
address=/healandgrow.club/0.0.0.0
@ -153,7 +154,6 @@ address=/httqzq.vip/0.0.0.0
address=/hypezen.info/0.0.0.0
address=/ientsillness.fun/0.0.0.0
address=/imagefind.org/0.0.0.0
address=/incing-marganic.icu/0.0.0.0
address=/incrediblebuzz.info/0.0.0.0
address=/information.casa/0.0.0.0
address=/installcompletely-theoriginalfile.best/0.0.0.0
@ -300,7 +300,6 @@ address=/qh97dkzy20.top/0.0.0.0
address=/quantum.work/0.0.0.0
address=/quatrefeuillepolonaise.xyz/0.0.0.0
address=/rainlonginsect23.life/0.0.0.0
address=/rancy.xyz/0.0.0.0
address=/random-prize-bigwin-official.cyou/0.0.0.0
address=/randomprizebigwinofficial.cyou/0.0.0.0
address=/resignation.top/0.0.0.0
@ -355,6 +354,7 @@ address=/start-page.one/0.0.0.0
address=/startos.win/0.0.0.0
address=/stay-notified.cc/0.0.0.0
address=/stickr.co/0.0.0.0
address=/stogether.fun/0.0.0.0
address=/streamadvanced-bestcompletelyfile.best/0.0.0.0
address=/streamadvanced-bestextremelyfile.best/0.0.0.0
address=/streamdeveloped-bestoverlyfile.best/0.0.0.0

6
dist/pup-filter-domains.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@ graburprize.net
gramp.xyz
grandencryptions.me
growthnetic.club
gx8uxvn13l.top
hailso.xyz
happymakesite.xyz
healandgrow.club
@ -153,7 +154,6 @@ httqzq.vip
hypezen.info
ientsillness.fun
imagefind.org
incing-marganic.icu
incrediblebuzz.info
information.casa
installcompletely-theoriginalfile.best
@ -300,7 +300,6 @@ qh97dkzy20.top
quantum.work
quatrefeuillepolonaise.xyz
rainlonginsect23.life
rancy.xyz
random-prize-bigwin-official.cyou
randomprizebigwinofficial.cyou
resignation.top
@ -355,6 +354,7 @@ start-page.one
startos.win
stay-notified.cc
stickr.co
stogether.fun
streamadvanced-bestcompletelyfile.best
streamadvanced-bestextremelyfile.best
streamdeveloped-bestoverlyfile.best

6
dist/pup-filter-hosts.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Hosts Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@
0.0.0.0 gramp.xyz
0.0.0.0 grandencryptions.me
0.0.0.0 growthnetic.club
0.0.0.0 gx8uxvn13l.top
0.0.0.0 hailso.xyz
0.0.0.0 happymakesite.xyz
0.0.0.0 healandgrow.club
@ -153,7 +154,6 @@
0.0.0.0 hypezen.info
0.0.0.0 ientsillness.fun
0.0.0.0 imagefind.org
0.0.0.0 incing-marganic.icu
0.0.0.0 incrediblebuzz.info
0.0.0.0 information.casa
0.0.0.0 installcompletely-theoriginalfile.best
@ -300,7 +300,6 @@
0.0.0.0 quantum.work
0.0.0.0 quatrefeuillepolonaise.xyz
0.0.0.0 rainlonginsect23.life
0.0.0.0 rancy.xyz
0.0.0.0 random-prize-bigwin-official.cyou
0.0.0.0 randomprizebigwinofficial.cyou
0.0.0.0 resignation.top
@ -355,6 +354,7 @@
0.0.0.0 startos.win
0.0.0.0 stay-notified.cc
0.0.0.0 stickr.co
0.0.0.0 stogether.fun
0.0.0.0 streamadvanced-bestcompletelyfile.best
0.0.0.0 streamadvanced-bestextremelyfile.best
0.0.0.0 streamdeveloped-bestoverlyfile.best

8
dist/pup-filter-rpz.conf vendored
View File

@ -1,13 +1,13 @@
; Title: PUP Domains RPZ Blocklist
; Description: Block domains that host potentially unwanted programs (PUP)
; Updated: Thu, 05 Aug 2021 00:03:34 +0000
; Updated: Thu, 05 Aug 2021 12:03:24 +0000
; Expires: 1 day (update frequency)
; Homepage: https://gitlab.com/curben/pup-filter
; License: https://gitlab.com/curben/pup-filter#license
; Source: https://github.com/zhouhanc/malware-discoverer
$TTL 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1628121814 86400 3600 604800 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1628165004 86400 3600 604800 30
NS localhost.
123news.website CNAME .
@ -139,6 +139,7 @@ graburprize.net CNAME .
gramp.xyz CNAME .
grandencryptions.me CNAME .
growthnetic.club CNAME .
gx8uxvn13l.top CNAME .
hailso.xyz CNAME .
happymakesite.xyz CNAME .
healandgrow.club CNAME .
@ -158,7 +159,6 @@ httqzq.vip CNAME .
hypezen.info CNAME .
ientsillness.fun CNAME .
imagefind.org CNAME .
incing-marganic.icu CNAME .
incrediblebuzz.info CNAME .
information.casa CNAME .
installcompletely-theoriginalfile.best CNAME .
@ -305,7 +305,6 @@ qh97dkzy20.top CNAME .
quantum.work CNAME .
quatrefeuillepolonaise.xyz CNAME .
rainlonginsect23.life CNAME .
rancy.xyz CNAME .
random-prize-bigwin-official.cyou CNAME .
randomprizebigwinofficial.cyou CNAME .
resignation.top CNAME .
@ -360,6 +359,7 @@ start-page.one CNAME .
startos.win CNAME .
stay-notified.cc CNAME .
stickr.co CNAME .
stogether.fun CNAME .
streamadvanced-bestcompletelyfile.best CNAME .
streamadvanced-bestextremelyfile.best CNAME .
streamdeveloped-bestoverlyfile.best CNAME .

152
dist/pup-filter-snort2.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort2 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,26 +134,26 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gramp.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000127; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000128; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"growthnetic.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000129; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hailso.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000130; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"happymakesite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000131; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healandgrow.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000132; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healtheezy.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000133; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthneo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000134; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthomega.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000135; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthscale.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000136; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthschedule.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000137; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthsupreme.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000138; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthtag.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000139; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthupper.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000140; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000141; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthyspirit.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000142; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000143; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotladieshere.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000144; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"httqzq.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000145; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypezen.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000146; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ientsillness.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000147; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000148; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incing-marganic.icu"; content:"Host"; http_header; classtype:web-application-activity; sid:300000149; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gx8uxvn13l.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000130; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hailso.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000131; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"happymakesite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000132; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healandgrow.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000133; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healtheezy.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000134; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthneo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000135; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthomega.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000136; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthscale.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000137; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthschedule.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000138; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthsupreme.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000139; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthtag.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000140; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthupper.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000141; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000142; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthyspirit.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000143; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000144; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hotladieshere.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000145; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"httqzq.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000146; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypezen.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000147; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ientsillness.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000148; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000149; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incrediblebuzz.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000150; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"information.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000151; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installcompletely-theoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000152; rev:1;)
@ -300,61 +300,61 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quantum.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quatrefeuillepolonaise.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rainlonginsect23.life"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rancy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"random-prize-bigwin-official.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"randomprizebigwinofficial.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"resignation.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewards-promotion-winner-super.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardsluckygiveawayprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardspromotionwinnersuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ritaus.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rootessential.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runcurrent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rundeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runfree-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runintensely-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runlatest-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdate.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdates.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scoopswoop.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"score-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-tool.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchoffers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alert.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seemlast.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-care.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stay-notified.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"random-prize-bigwin-official.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"randomprizebigwinofficial.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"resignation.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewards-promotion-winner-super.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardsluckygiveawayprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardspromotionwinnersuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ritaus.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rootessential.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runcurrent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rundeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runfree-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runintensely-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runlatest-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdate.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdates.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scoopswoop.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"score-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-tool.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchoffers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alert.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seemlast.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-care.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stay-notified.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stogether.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)

152
dist/pup-filter-snort3.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort3 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,26 +134,26 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gramp.xyz",nocase; classtype:web-application-activity; sid:300000127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"growthnetic.club",nocase; classtype:web-application-activity; sid:300000129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hailso.xyz",nocase; classtype:web-application-activity; sid:300000130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"happymakesite.xyz",nocase; classtype:web-application-activity; sid:300000131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healandgrow.club",nocase; classtype:web-application-activity; sid:300000132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healtheezy.info",nocase; classtype:web-application-activity; sid:300000133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthneo.club",nocase; classtype:web-application-activity; sid:300000134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthomega.club",nocase; classtype:web-application-activity; sid:300000135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthscale.club",nocase; classtype:web-application-activity; sid:300000136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthschedule.club",nocase; classtype:web-application-activity; sid:300000137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthsupreme.club",nocase; classtype:web-application-activity; sid:300000138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthtag.club",nocase; classtype:web-application-activity; sid:300000139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthupper.club",nocase; classtype:web-application-activity; sid:300000140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthyspirit.info",nocase; classtype:web-application-activity; sid:300000142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hotladieshere.net",nocase; classtype:web-application-activity; sid:300000144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"httqzq.vip",nocase; classtype:web-application-activity; sid:300000145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hypezen.info",nocase; classtype:web-application-activity; sid:300000146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ientsillness.fun",nocase; classtype:web-application-activity; sid:300000147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incing-marganic.icu",nocase; classtype:web-application-activity; sid:300000149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gx8uxvn13l.top",nocase; classtype:web-application-activity; sid:300000130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hailso.xyz",nocase; classtype:web-application-activity; sid:300000131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"happymakesite.xyz",nocase; classtype:web-application-activity; sid:300000132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healandgrow.club",nocase; classtype:web-application-activity; sid:300000133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healtheezy.info",nocase; classtype:web-application-activity; sid:300000134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthneo.club",nocase; classtype:web-application-activity; sid:300000135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthomega.club",nocase; classtype:web-application-activity; sid:300000136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthscale.club",nocase; classtype:web-application-activity; sid:300000137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthschedule.club",nocase; classtype:web-application-activity; sid:300000138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthsupreme.club",nocase; classtype:web-application-activity; sid:300000139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthtag.club",nocase; classtype:web-application-activity; sid:300000140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthupper.club",nocase; classtype:web-application-activity; sid:300000141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthyspirit.info",nocase; classtype:web-application-activity; sid:300000143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hotladieshere.net",nocase; classtype:web-application-activity; sid:300000145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"httqzq.vip",nocase; classtype:web-application-activity; sid:300000146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hypezen.info",nocase; classtype:web-application-activity; sid:300000147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ientsillness.fun",nocase; classtype:web-application-activity; sid:300000148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incrediblebuzz.info",nocase; classtype:web-application-activity; sid:300000150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"information.casa",nocase; classtype:web-application-activity; sid:300000151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installcompletely-theoriginalfile.best",nocase; classtype:web-application-activity; sid:300000152; rev:1;)
@ -300,61 +300,61 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quantum.work",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quatrefeuillepolonaise.xyz",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rainlonginsect23.life",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rancy.xyz",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"random-prize-bigwin-official.cyou",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"randomprizebigwinofficial.cyou",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"resignation.top",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewards-promotion-winner-super.cyou",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardsluckygiveawayprize.cyou",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardspromotionwinnersuper.cyou",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ritaus.org",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rootessential.info",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runcurrent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rundeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runfree-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runintensely-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runlatest-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdate.info",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdates.info",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scoopswoop.info",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"score-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-tool.net",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchoffers.info",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alert.xyz",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seemlast.monster",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"service-care.space",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stay-notified.cc",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"random-prize-bigwin-official.cyou",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"randomprizebigwinofficial.cyou",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"resignation.top",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewards-promotion-winner-super.cyou",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardsluckygiveawayprize.cyou",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardspromotionwinnersuper.cyou",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ritaus.org",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rootessential.info",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runcurrent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rundeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runfree-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runintensely-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runlatest-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdate.info",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdates.info",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scoopswoop.info",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"score-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-tool.net",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchoffers.info",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alert.xyz",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seemlast.monster",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"service-care.space",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stay-notified.cc",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stogether.fun",nocase; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000353; rev:1;)

152
dist/pup-filter-suricata.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Suricata Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,26 +134,26 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gramp.xyz"; classtype:web-application-activity; sid:300000127; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000128; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"growthnetic.club"; classtype:web-application-activity; sid:300000129; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hailso.xyz"; classtype:web-application-activity; sid:300000130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"happymakesite.xyz"; classtype:web-application-activity; sid:300000131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healandgrow.club"; classtype:web-application-activity; sid:300000132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healtheezy.info"; classtype:web-application-activity; sid:300000133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthneo.club"; classtype:web-application-activity; sid:300000134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthomega.club"; classtype:web-application-activity; sid:300000135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthscale.club"; classtype:web-application-activity; sid:300000136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthschedule.club"; classtype:web-application-activity; sid:300000137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthsupreme.club"; classtype:web-application-activity; sid:300000138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthtag.club"; classtype:web-application-activity; sid:300000139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthupper.club"; classtype:web-application-activity; sid:300000140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthyspirit.info"; classtype:web-application-activity; sid:300000142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hotladieshere.net"; classtype:web-application-activity; sid:300000144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httqzq.vip"; classtype:web-application-activity; sid:300000145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypezen.info"; classtype:web-application-activity; sid:300000146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ientsillness.fun"; classtype:web-application-activity; sid:300000147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incing-marganic.icu"; classtype:web-application-activity; sid:300000149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gx8uxvn13l.top"; classtype:web-application-activity; sid:300000130; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hailso.xyz"; classtype:web-application-activity; sid:300000131; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"happymakesite.xyz"; classtype:web-application-activity; sid:300000132; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healandgrow.club"; classtype:web-application-activity; sid:300000133; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healtheezy.info"; classtype:web-application-activity; sid:300000134; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthneo.club"; classtype:web-application-activity; sid:300000135; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthomega.club"; classtype:web-application-activity; sid:300000136; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthscale.club"; classtype:web-application-activity; sid:300000137; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthschedule.club"; classtype:web-application-activity; sid:300000138; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthsupreme.club"; classtype:web-application-activity; sid:300000139; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthtag.club"; classtype:web-application-activity; sid:300000140; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthupper.club"; classtype:web-application-activity; sid:300000141; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000142; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthyspirit.info"; classtype:web-application-activity; sid:300000143; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000144; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hotladieshere.net"; classtype:web-application-activity; sid:300000145; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httqzq.vip"; classtype:web-application-activity; sid:300000146; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypezen.info"; classtype:web-application-activity; sid:300000147; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ientsillness.fun"; classtype:web-application-activity; sid:300000148; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000149; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incrediblebuzz.info"; classtype:web-application-activity; sid:300000150; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"information.casa"; classtype:web-application-activity; sid:300000151; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installcompletely-theoriginalfile.best"; classtype:web-application-activity; sid:300000152; rev:1;)
@ -300,61 +300,61 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quantum.work"; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quatrefeuillepolonaise.xyz"; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rainlonginsect23.life"; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rancy.xyz"; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"random-prize-bigwin-official.cyou"; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"randomprizebigwinofficial.cyou"; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"resignation.top"; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewards-promotion-winner-super.cyou"; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardsluckygiveawayprize.cyou"; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardspromotionwinnersuper.cyou"; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ritaus.org"; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rootessential.info"; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runcurrent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rundeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestrecentfile.best"; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runfree-bestoverlyfile.best"; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runintensely-bestrenewedfile.best"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runlatest-besthighlyfile.best"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestextremelyfile.best"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestintenselyfile.best"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestquickfile.best"; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-besthighlyfile.best"; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdate.info"; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdates.info"; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scoopswoop.info"; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"score-monitoring.xyz"; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-tool.net"; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchoffers.info"; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-care.space"; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stay-notified.cc"; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"random-prize-bigwin-official.cyou"; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"randomprizebigwinofficial.cyou"; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"resignation.top"; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewards-promotion-winner-super.cyou"; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardsluckygiveawayprize.cyou"; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardspromotionwinnersuper.cyou"; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ritaus.org"; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rootessential.info"; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runcurrent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rundeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestrecentfile.best"; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runfree-bestoverlyfile.best"; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runintensely-bestrenewedfile.best"; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runlatest-besthighlyfile.best"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestextremelyfile.best"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestintenselyfile.best"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestquickfile.best"; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-besthighlyfile.best"; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdate.info"; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdates.info"; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scoopswoop.info"; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"score-monitoring.xyz"; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-tool.net"; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchoffers.info"; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-care.space"; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stay-notified.cc"; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stogether.fun"; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000353; rev:1;)

6
dist/pup-filter-unbound.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Unbound Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@ local-zone: "graburprize.net" always_nxdomain
local-zone: "gramp.xyz" always_nxdomain
local-zone: "grandencryptions.me" always_nxdomain
local-zone: "growthnetic.club" always_nxdomain
local-zone: "gx8uxvn13l.top" always_nxdomain
local-zone: "hailso.xyz" always_nxdomain
local-zone: "happymakesite.xyz" always_nxdomain
local-zone: "healandgrow.club" always_nxdomain
@ -153,7 +154,6 @@ local-zone: "httqzq.vip" always_nxdomain
local-zone: "hypezen.info" always_nxdomain
local-zone: "ientsillness.fun" always_nxdomain
local-zone: "imagefind.org" always_nxdomain
local-zone: "incing-marganic.icu" always_nxdomain
local-zone: "incrediblebuzz.info" always_nxdomain
local-zone: "information.casa" always_nxdomain
local-zone: "installcompletely-theoriginalfile.best" always_nxdomain
@ -300,7 +300,6 @@ local-zone: "qh97dkzy20.top" always_nxdomain
local-zone: "quantum.work" always_nxdomain
local-zone: "quatrefeuillepolonaise.xyz" always_nxdomain
local-zone: "rainlonginsect23.life" always_nxdomain
local-zone: "rancy.xyz" always_nxdomain
local-zone: "random-prize-bigwin-official.cyou" always_nxdomain
local-zone: "randomprizebigwinofficial.cyou" always_nxdomain
local-zone: "resignation.top" always_nxdomain
@ -355,6 +354,7 @@ local-zone: "start-page.one" always_nxdomain
local-zone: "startos.win" always_nxdomain
local-zone: "stay-notified.cc" always_nxdomain
local-zone: "stickr.co" always_nxdomain
local-zone: "stogether.fun" always_nxdomain
local-zone: "streamadvanced-bestcompletelyfile.best" always_nxdomain
local-zone: "streamadvanced-bestextremelyfile.best" always_nxdomain
local-zone: "streamdeveloped-bestoverlyfile.best" always_nxdomain

6
dist/pup-filter-vivaldi.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (Vivaldi)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 05 Aug 2021 00:03:34 +0000
! Updated: Thu, 05 Aug 2021 12:03:24 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@
||gramp.xyz$document
||grandencryptions.me$document
||growthnetic.club$document
||gx8uxvn13l.top$document
||hailso.xyz$document
||happymakesite.xyz$document
||healandgrow.club$document
@ -153,7 +154,6 @@
||hypezen.info$document
||ientsillness.fun$document
||imagefind.org$document
||incing-marganic.icu$document
||incrediblebuzz.info$document
||information.casa$document
||installcompletely-theoriginalfile.best$document
@ -300,7 +300,6 @@
||quantum.work$document
||quatrefeuillepolonaise.xyz$document
||rainlonginsect23.life$document
||rancy.xyz$document
||random-prize-bigwin-official.cyou$document
||randomprizebigwinofficial.cyou$document
||resignation.top$document
@ -355,6 +354,7 @@
||startos.win$document
||stay-notified.cc$document
||stickr.co$document
||stogether.fun$document
||streamadvanced-bestcompletelyfile.best$document
||streamadvanced-bestextremelyfile.best$document
||streamdeveloped-bestoverlyfile.best$document

6
dist/pup-filter.tpl vendored
View File

@ -1,7 +1,7 @@
msFilterList
# Title: PUP Hosts Blocklist (IE)
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Thu, 05 Aug 2021 00:03:34 +0000
# Updated: Thu, 05 Aug 2021 12:03:24 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -137,6 +137,7 @@ msFilterList
-d gramp.xyz
-d grandencryptions.me
-d growthnetic.club
-d gx8uxvn13l.top
-d hailso.xyz
-d happymakesite.xyz
-d healandgrow.club
@ -156,7 +157,6 @@ msFilterList
-d hypezen.info
-d ientsillness.fun
-d imagefind.org
-d incing-marganic.icu
-d incrediblebuzz.info
-d information.casa
-d installcompletely-theoriginalfile.best
@ -303,7 +303,6 @@ msFilterList
-d quantum.work
-d quatrefeuillepolonaise.xyz
-d rainlonginsect23.life
-d rancy.xyz
-d random-prize-bigwin-official.cyou
-d randomprizebigwinofficial.cyou
-d resignation.top
@ -358,6 +357,7 @@ msFilterList
-d startos.win
-d stay-notified.cc
-d stickr.co
-d stogether.fun
-d streamadvanced-bestcompletelyfile.best
-d streamadvanced-bestextremelyfile.best
-d streamdeveloped-bestoverlyfile.best

6
dist/pup-filter.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Thu, 05 Aug 2021 00:03:34 +0000
! Updated: Thu, 05 Aug 2021 12:03:24 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -134,6 +134,7 @@ graburprize.net
gramp.xyz
grandencryptions.me
growthnetic.club
gx8uxvn13l.top
hailso.xyz
happymakesite.xyz
healandgrow.club
@ -153,7 +154,6 @@ httqzq.vip
hypezen.info
ientsillness.fun
imagefind.org
incing-marganic.icu
incrediblebuzz.info
information.casa
installcompletely-theoriginalfile.best
@ -300,7 +300,6 @@ qh97dkzy20.top
quantum.work
quatrefeuillepolonaise.xyz
rainlonginsect23.life
rancy.xyz
random-prize-bigwin-official.cyou
randomprizebigwinofficial.cyou
resignation.top
@ -355,6 +354,7 @@ start-page.one
startos.win
stay-notified.cc
stickr.co
stogether.fun
streamadvanced-bestcompletelyfile.best
streamadvanced-bestextremelyfile.best
streamdeveloped-bestoverlyfile.best