curben
/
pup-filter
mirror of https://gitlab.com/malware-filter/pup-filter.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter updated: Mon, 27 Dec 2021 12:02:42 +0000

This commit is contained in:
curben-bot 2021-12-27 12:02:42 +00:00
parent c95f2ee523
commit d095bddf9d
15 changed files with 337 additions and 337 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
dist/pup-filter-ag.txt vendored
View File

@ -1,10 +1,11 @@
! Title: PUP Domains Blocklist (AdGuard)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Mon, 27 Dec 2021 00:02:46 +0000
! Updated: Mon, 27 Dec 2021 12:02:42 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
! Source: https://github.com/zhouhanc/malware-discoverer
||2021travel.net$all
||abc-news.online$all
||adverify.cloud$all
||adverify.me$all
@ -16,7 +17,6 @@
||aphicus.xyz$all
||appsto.cloud$all
||appzfirer.biz$all
||arre.work$all
||auto-car-search.site$all
||auto-insurance-search.site$all
||axisradio.ca$all
@ -197,6 +197,7 @@
||mobyfox.shop$all
||mybesthealthplan.org$all
||nettrafficpartners.net$all
||news-daluku.cc$all
||newsinformer.net$all
||nordvpnhosting.com$all
||offerpage.link$all
@ -283,7 +284,6 @@
||selectedlab.buzz$all
||sendnow.us$all
||shegotass.info$all
||shopadvisors.net$all
||shopin.nyc$all
||shopnsave.world$all
||sightcottonreply.top$all

6
dist/pup-filter-agh.txt vendored
View File

@ -1,10 +1,11 @@
! Title: PUP Domains Blocklist (AdGuard Home)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Mon, 27 Dec 2021 00:02:46 +0000
! Updated: Mon, 27 Dec 2021 12:02:42 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
! Source: https://github.com/zhouhanc/malware-discoverer
||2021travel.net^
||abc-news.online^
||adverify.cloud^
||adverify.me^
@ -16,7 +17,6 @@
||aphicus.xyz^
||appsto.cloud^
||appzfirer.biz^
||arre.work^
||auto-car-search.site^
||auto-insurance-search.site^
||axisradio.ca^
@ -197,6 +197,7 @@
||mobyfox.shop^
||mybesthealthplan.org^
||nettrafficpartners.net^
||news-daluku.cc^
||newsinformer.net^
||nordvpnhosting.com^
||offerpage.link^
@ -283,7 +284,6 @@
||selectedlab.buzz^
||sendnow.us^
||shegotass.info^
||shopadvisors.net^
||shopin.nyc^
||shopnsave.world^
||sightcottonreply.top^

6
dist/pup-filter-bind.conf vendored
View File

@ -1,10 +1,11 @@
# Title: PUP Domains BIND Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
zone "2021travel.net" { type master; notify no; file "null.zone.file"; };
zone "abc-news.online" { type master; notify no; file "null.zone.file"; };
zone "adverify.cloud" { type master; notify no; file "null.zone.file"; };
zone "adverify.me" { type master; notify no; file "null.zone.file"; };
@ -16,7 +17,6 @@ zone "android-web.live" { type master; notify no; file "null.zone.file"; };
zone "aphicus.xyz" { type master; notify no; file "null.zone.file"; };
zone "appsto.cloud" { type master; notify no; file "null.zone.file"; };
zone "appzfirer.biz" { type master; notify no; file "null.zone.file"; };
zone "arre.work" { type master; notify no; file "null.zone.file"; };
zone "auto-car-search.site" { type master; notify no; file "null.zone.file"; };
zone "auto-insurance-search.site" { type master; notify no; file "null.zone.file"; };
zone "axisradio.ca" { type master; notify no; file "null.zone.file"; };
@ -197,6 +197,7 @@ zone "mobiavolcano.xyz" { type master; notify no; file "null.zone.file"; };
zone "mobyfox.shop" { type master; notify no; file "null.zone.file"; };
zone "mybesthealthplan.org" { type master; notify no; file "null.zone.file"; };
zone "nettrafficpartners.net" { type master; notify no; file "null.zone.file"; };
zone "news-daluku.cc" { type master; notify no; file "null.zone.file"; };
zone "newsinformer.net" { type master; notify no; file "null.zone.file"; };
zone "nordvpnhosting.com" { type master; notify no; file "null.zone.file"; };
zone "offerpage.link" { type master; notify no; file "null.zone.file"; };
@ -283,7 +284,6 @@ zone "secureyounow.live" { type master; notify no; file "null.zone.file"; };
zone "selectedlab.buzz" { type master; notify no; file "null.zone.file"; };
zone "sendnow.us" { type master; notify no; file "null.zone.file"; };
zone "shegotass.info" { type master; notify no; file "null.zone.file"; };
zone "shopadvisors.net" { type master; notify no; file "null.zone.file"; };
zone "shopin.nyc" { type master; notify no; file "null.zone.file"; };
zone "shopnsave.world" { type master; notify no; file "null.zone.file"; };
zone "sightcottonreply.top" { type master; notify no; file "null.zone.file"; };

6
dist/pup-filter-dnscrypt-blocked-names.txt vendored
View File

@ -1,10 +1,11 @@
# Title: PUP Names Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
2021travel.net
abc-news.online
adverify.cloud
adverify.me
@ -16,7 +17,6 @@ android-web.live
aphicus.xyz
appsto.cloud
appzfirer.biz
arre.work
auto-car-search.site
auto-insurance-search.site
axisradio.ca
@ -197,6 +197,7 @@ mobiavolcano.xyz
mobyfox.shop
mybesthealthplan.org
nettrafficpartners.net
news-daluku.cc
newsinformer.net
nordvpnhosting.com
offerpage.link
@ -283,7 +284,6 @@ secureyounow.live
selectedlab.buzz
sendnow.us
shegotass.info
shopadvisors.net
shopin.nyc
shopnsave.world
sightcottonreply.top

6
dist/pup-filter-dnsmasq.conf vendored
View File

@ -1,10 +1,11 @@
# Title: PUP Domains dnsmasq Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
address=/2021travel.net/0.0.0.0
address=/abc-news.online/0.0.0.0
address=/adverify.cloud/0.0.0.0
address=/adverify.me/0.0.0.0
@ -16,7 +17,6 @@ address=/android-web.live/0.0.0.0
address=/aphicus.xyz/0.0.0.0
address=/appsto.cloud/0.0.0.0
address=/appzfirer.biz/0.0.0.0
address=/arre.work/0.0.0.0
address=/auto-car-search.site/0.0.0.0
address=/auto-insurance-search.site/0.0.0.0
address=/axisradio.ca/0.0.0.0
@ -197,6 +197,7 @@ address=/mobiavolcano.xyz/0.0.0.0
address=/mobyfox.shop/0.0.0.0
address=/mybesthealthplan.org/0.0.0.0
address=/nettrafficpartners.net/0.0.0.0
address=/news-daluku.cc/0.0.0.0
address=/newsinformer.net/0.0.0.0
address=/nordvpnhosting.com/0.0.0.0
address=/offerpage.link/0.0.0.0
@ -283,7 +284,6 @@ address=/secureyounow.live/0.0.0.0
address=/selectedlab.buzz/0.0.0.0
address=/sendnow.us/0.0.0.0
address=/shegotass.info/0.0.0.0
address=/shopadvisors.net/0.0.0.0
address=/shopin.nyc/0.0.0.0
address=/shopnsave.world/0.0.0.0
address=/sightcottonreply.top/0.0.0.0

6
dist/pup-filter-domains.txt vendored
View File

@ -1,10 +1,11 @@
# Title: PUP Domains Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
2021travel.net
abc-news.online
adverify.cloud
adverify.me
@ -16,7 +17,6 @@ android-web.live
aphicus.xyz
appsto.cloud
appzfirer.biz
arre.work
auto-car-search.site
auto-insurance-search.site
axisradio.ca
@ -197,6 +197,7 @@ mobiavolcano.xyz
mobyfox.shop
mybesthealthplan.org
nettrafficpartners.net
news-daluku.cc
newsinformer.net
nordvpnhosting.com
offerpage.link
@ -283,7 +284,6 @@ secureyounow.live
selectedlab.buzz
sendnow.us
shegotass.info
shopadvisors.net
shopin.nyc
shopnsave.world
sightcottonreply.top

6
dist/pup-filter-hosts.txt vendored
View File

@ -1,10 +1,11 @@
# Title: PUP Hosts Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
0.0.0.0 2021travel.net
0.0.0.0 abc-news.online
0.0.0.0 adverify.cloud
0.0.0.0 adverify.me
@ -16,7 +17,6 @@
0.0.0.0 aphicus.xyz
0.0.0.0 appsto.cloud
0.0.0.0 appzfirer.biz
0.0.0.0 arre.work
0.0.0.0 auto-car-search.site
0.0.0.0 auto-insurance-search.site
0.0.0.0 axisradio.ca
@ -197,6 +197,7 @@
0.0.0.0 mobyfox.shop
0.0.0.0 mybesthealthplan.org
0.0.0.0 nettrafficpartners.net
0.0.0.0 news-daluku.cc
0.0.0.0 newsinformer.net
0.0.0.0 nordvpnhosting.com
0.0.0.0 offerpage.link
@ -283,7 +284,6 @@
0.0.0.0 selectedlab.buzz
0.0.0.0 sendnow.us
0.0.0.0 shegotass.info
0.0.0.0 shopadvisors.net
0.0.0.0 shopin.nyc
0.0.0.0 shopnsave.world
0.0.0.0 sightcottonreply.top

8
dist/pup-filter-rpz.conf vendored
View File

@ -1,15 +1,16 @@
; Title: PUP Domains RPZ Blocklist
; Description: Block domains that host potentially unwanted programs (PUP)
; Updated: Mon, 27 Dec 2021 00:02:46 +0000
; Updated: Mon, 27 Dec 2021 12:02:42 +0000
; Expires: 1 day (update frequency)
; Homepage: https://gitlab.com/curben/pup-filter
; License: https://gitlab.com/curben/pup-filter#license
; Source: https://github.com/zhouhanc/malware-discoverer
$TTL 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1640563366 86400 3600 604800 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1640606562 86400 3600 604800 30
NS localhost.
2021travel.net CNAME .
abc-news.online CNAME .
adverify.cloud CNAME .
adverify.me CNAME .
@ -21,7 +22,6 @@ android-web.live CNAME .
aphicus.xyz CNAME .
appsto.cloud CNAME .
appzfirer.biz CNAME .
arre.work CNAME .
auto-car-search.site CNAME .
auto-insurance-search.site CNAME .
axisradio.ca CNAME .
@ -202,6 +202,7 @@ mobiavolcano.xyz CNAME .
mobyfox.shop CNAME .
mybesthealthplan.org CNAME .
nettrafficpartners.net CNAME .
news-daluku.cc CNAME .
newsinformer.net CNAME .
nordvpnhosting.com CNAME .
offerpage.link CNAME .
@ -288,7 +289,6 @@ secureyounow.live CNAME .
selectedlab.buzz CNAME .
sendnow.us CNAME .
shegotass.info CNAME .
shopadvisors.net CNAME .
shopin.nyc CNAME .
shopnsave.world CNAME .
sightcottonreply.top CNAME .

200
dist/pup-filter-snort2.rules vendored
View File

@ -1,22 +1,22 @@
# Title: PUP Domains Snort2 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"abc-news.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"adverify.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"adverify.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"am-harder-stock-corn.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"amobil.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-browser.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-web.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aphicus.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"arre.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"2021travel.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000001; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"abc-news.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"adverify.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"adverify.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"am-harder-stock-corn.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"amobil.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-browser.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"android-web.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aphicus.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appsto.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000013; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-insurance-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000014; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"axisradio.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000015; rev:1;)
@ -197,93 +197,93 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mobyfox.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000190; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"mybesthealthplan.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000191; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nettrafficpartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000192; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsinformer.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nordvpnhosting.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"paint-lion-history-loud.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performrefinedoverlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"peterhahn.be"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"phoneapplicationmap.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"phonesecuritymagic.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"press-news-for.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"producthunter.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"promotionclaim.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-ios.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"qfind.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quizshein.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rancy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"randompromotion.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"real-buy.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rehab-centers-here-now.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"restorerefinedsuperthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"restoresuperspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardgivingrealspecialoffer.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"richsurvey.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ryknxj.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safeguide.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seaplaytoo.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-zero1.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchoffers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"secureyounow.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"selectedlab.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sendnow.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shegotass.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopadvisors.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"news-daluku.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000193; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"newsinformer.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000194; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"nordvpnhosting.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000195; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offerpage.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000196; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"offersearch.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000197; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"paint-lion-history-loud.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000198; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000199; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000200; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000201; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000202; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000203; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000204; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000205; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000206; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000207; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandaspringf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000208; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000209; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000210; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000211; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000212; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandasummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000213; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000214; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000215; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000216; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000217; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000218; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"pandawinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000219; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000220; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performhighlyswiftthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000221; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"performrefinedoverlythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000222; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"peterhahn.be"; content:"Host"; http_header; classtype:web-application-activity; sid:300000223; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"phoneapplicationmap.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000224; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"phonesecuritymagic.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000225; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placefortheupgradesset.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000226; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"placespina.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000227; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumna.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000228; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000229; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000230; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000231; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumne.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000232; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playautumnf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000233; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playplanete.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000234; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringa.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000235; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000236; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000237; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playspringe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playsummerf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintera.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwintere.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"playwinterf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"press-news-for.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prize-messsages.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"producthunter.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"promotionclaim.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-ios.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"qfind.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quizshein.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rancy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"randompromotion.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"real-buy.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rehab-centers-here-now.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"restorerefinedsuperthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"restoresuperspeedythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardgivingrealspecialoffer.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"richsurvey.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ryknxj.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safeguide.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seaplaytoo.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-zero1.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchoffers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"secureyounow.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"selectedlab.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sendnow.us"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shegotass.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sightcottonreply.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;)

200
dist/pup-filter-snort3.rules vendored
View File

@ -1,22 +1,22 @@
# Title: PUP Domains Snort3 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"abc-news.online",nocase; classtype:web-application-activity; sid:300000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"adverify.cloud",nocase; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"adverify.me",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"am-harder-stock-corn.xyz",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"amobil.online",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-browser.live",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-web.live",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aphicus.xyz",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"arre.work",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"2021travel.net",nocase; classtype:web-application-activity; sid:300000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"abc-news.online",nocase; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"adverify.cloud",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"adverify.me",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"am-harder-stock-corn.xyz",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"amobil.online",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-browser.live",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"android-web.live",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aphicus.xyz",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appsto.cloud",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-insurance-search.site",nocase; classtype:web-application-activity; sid:300000014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"axisradio.ca",nocase; classtype:web-application-activity; sid:300000015; rev:1;)
@ -197,93 +197,93 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mobyfox.shop",nocase; classtype:web-application-activity; sid:300000190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"mybesthealthplan.org",nocase; classtype:web-application-activity; sid:300000191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nettrafficpartners.net",nocase; classtype:web-application-activity; sid:300000192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsinformer.net",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nordvpnhosting.com",nocase; classtype:web-application-activity; sid:300000194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"paint-lion-history-loud.xyz",nocase; classtype:web-application-activity; sid:300000197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumna.xyz",nocase; classtype:web-application-activity; sid:300000198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringb.xyz",nocase; classtype:web-application-activity; sid:300000203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringc.xyz",nocase; classtype:web-application-activity; sid:300000204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringd.xyz",nocase; classtype:web-application-activity; sid:300000205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringf.xyz",nocase; classtype:web-application-activity; sid:300000207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummera.xyz",nocase; classtype:web-application-activity; sid:300000208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerc.xyz",nocase; classtype:web-application-activity; sid:300000209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerd.xyz",nocase; classtype:web-application-activity; sid:300000210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummere.xyz",nocase; classtype:web-application-activity; sid:300000211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerf.xyz",nocase; classtype:web-application-activity; sid:300000212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintera.xyz",nocase; classtype:web-application-activity; sid:300000213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterb.xyz",nocase; classtype:web-application-activity; sid:300000214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterf.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performrefinedoverlythefile.vip",nocase; classtype:web-application-activity; sid:300000221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"peterhahn.be",nocase; classtype:web-application-activity; sid:300000222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"phoneapplicationmap.top",nocase; classtype:web-application-activity; sid:300000223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"phonesecuritymagic.top",nocase; classtype:web-application-activity; sid:300000224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringb.xyz",nocase; classtype:web-application-activity; sid:300000235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringc.xyz",nocase; classtype:web-application-activity; sid:300000236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringd.xyz",nocase; classtype:web-application-activity; sid:300000237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringe.xyz",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummera.xyz",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerb.xyz",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerc.xyz",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummere.xyz",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerf.xyz",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintera.xyz",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterb.xyz",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterc.xyz",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterd.xyz",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintere.xyz",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterf.xyz",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"press-news-for.me",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"producthunter.club",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"promotionclaim.rest",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protect-ios.com",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"qfind.net",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quizshein.shop",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rancy.xyz",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"randompromotion.rest",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"real-buy.net",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rehab-centers-here-now.site",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"restorerefinedsuperthefile.vip",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"restoresuperspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardgivingrealspecialoffer.cyou",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"richsurvey.live",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ryknxj.top",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safeguide.net",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seaplaytoo.top",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-zero1.online",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchoffers.info",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"secureyounow.live",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"selectedlab.buzz",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sendnow.us",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shegotass.info",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopadvisors.net",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"news-daluku.cc",nocase; classtype:web-application-activity; sid:300000193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"newsinformer.net",nocase; classtype:web-application-activity; sid:300000194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"nordvpnhosting.com",nocase; classtype:web-application-activity; sid:300000195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offerpage.link",nocase; classtype:web-application-activity; sid:300000196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"offersearch.info",nocase; classtype:web-application-activity; sid:300000197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"paint-lion-history-loud.xyz",nocase; classtype:web-application-activity; sid:300000198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumna.xyz",nocase; classtype:web-application-activity; sid:300000199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnb.xyz",nocase; classtype:web-application-activity; sid:300000200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnc.xyz",nocase; classtype:web-application-activity; sid:300000201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnd.xyz",nocase; classtype:web-application-activity; sid:300000202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaautumnf.xyz",nocase; classtype:web-application-activity; sid:300000203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringb.xyz",nocase; classtype:web-application-activity; sid:300000204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringc.xyz",nocase; classtype:web-application-activity; sid:300000205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringd.xyz",nocase; classtype:web-application-activity; sid:300000206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringe.xyz",nocase; classtype:web-application-activity; sid:300000207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandaspringf.xyz",nocase; classtype:web-application-activity; sid:300000208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummera.xyz",nocase; classtype:web-application-activity; sid:300000209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerc.xyz",nocase; classtype:web-application-activity; sid:300000210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerd.xyz",nocase; classtype:web-application-activity; sid:300000211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummere.xyz",nocase; classtype:web-application-activity; sid:300000212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandasummerf.xyz",nocase; classtype:web-application-activity; sid:300000213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintera.xyz",nocase; classtype:web-application-activity; sid:300000214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterb.xyz",nocase; classtype:web-application-activity; sid:300000215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterc.xyz",nocase; classtype:web-application-activity; sid:300000216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterd.xyz",nocase; classtype:web-application-activity; sid:300000217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawintere.xyz",nocase; classtype:web-application-activity; sid:300000218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"pandawinterf.xyz",nocase; classtype:web-application-activity; sid:300000219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performhighlyswiftthefile.vip",nocase; classtype:web-application-activity; sid:300000221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"performrefinedoverlythefile.vip",nocase; classtype:web-application-activity; sid:300000222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"peterhahn.be",nocase; classtype:web-application-activity; sid:300000223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"phoneapplicationmap.top",nocase; classtype:web-application-activity; sid:300000224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"phonesecuritymagic.top",nocase; classtype:web-application-activity; sid:300000225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placefortheupgradesset.work",nocase; classtype:web-application-activity; sid:300000226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"placespina.xyz",nocase; classtype:web-application-activity; sid:300000227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumna.xyz",nocase; classtype:web-application-activity; sid:300000228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnb.xyz",nocase; classtype:web-application-activity; sid:300000229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnc.xyz",nocase; classtype:web-application-activity; sid:300000230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnd.xyz",nocase; classtype:web-application-activity; sid:300000231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumne.xyz",nocase; classtype:web-application-activity; sid:300000232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playautumnf.xyz",nocase; classtype:web-application-activity; sid:300000233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playplanete.xyz",nocase; classtype:web-application-activity; sid:300000234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringa.xyz",nocase; classtype:web-application-activity; sid:300000235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringb.xyz",nocase; classtype:web-application-activity; sid:300000236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringc.xyz",nocase; classtype:web-application-activity; sid:300000237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringd.xyz",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playspringe.xyz",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummera.xyz",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerb.xyz",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerc.xyz",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummere.xyz",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playsummerf.xyz",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintera.xyz",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterb.xyz",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterc.xyz",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterd.xyz",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwintere.xyz",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"playwinterf.xyz",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"press-news-for.me",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prize-messsages.casa",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"producthunter.club",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"promotionclaim.rest",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protect-ios.com",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"qfind.net",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quizshein.shop",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rancy.xyz",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"randompromotion.rest",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"real-buy.net",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rehab-centers-here-now.site",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"restorerefinedsuperthefile.vip",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"restoresuperspeedythefile.vip",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardgivingrealspecialoffer.cyou",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"richsurvey.live",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ryknxj.top",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safeguide.net",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seaplaytoo.top",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-zero1.online",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchoffers.info",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"secureyounow.live",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"selectedlab.buzz",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sendnow.us",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shegotass.info",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sightcottonreply.top",nocase; classtype:web-application-activity; sid:300000282; rev:1;)

200
dist/pup-filter-suricata.rules vendored
View File

@ -1,22 +1,22 @@
# Title: PUP Domains Suricata Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abc-news.online"; classtype:web-application-activity; sid:300000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adverify.cloud"; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adverify.me"; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"am-harder-stock-corn.xyz"; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amobil.online"; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-browser.live"; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-web.live"; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aphicus.xyz"; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"arre.work"; classtype:web-application-activity; sid:300000012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"2021travel.net"; classtype:web-application-activity; sid:300000001; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abc-news.online"; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adverify.cloud"; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adverify.me"; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"am-harder-stock-corn.xyz"; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amobil.online"; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-browser.live"; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"android-web.live"; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aphicus.xyz"; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appsto.cloud"; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000012; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000013; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-insurance-search.site"; classtype:web-application-activity; sid:300000014; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"axisradio.ca"; classtype:web-application-activity; sid:300000015; rev:1;)
@ -197,93 +197,93 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mobyfox.shop"; classtype:web-application-activity; sid:300000190; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mybesthealthplan.org"; classtype:web-application-activity; sid:300000191; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nettrafficpartners.net"; classtype:web-application-activity; sid:300000192; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsinformer.net"; classtype:web-application-activity; sid:300000193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nordvpnhosting.com"; classtype:web-application-activity; sid:300000194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paint-lion-history-loud.xyz"; classtype:web-application-activity; sid:300000197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumna.xyz"; classtype:web-application-activity; sid:300000198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnb.xyz"; classtype:web-application-activity; sid:300000199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnc.xyz"; classtype:web-application-activity; sid:300000200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnd.xyz"; classtype:web-application-activity; sid:300000201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnf.xyz"; classtype:web-application-activity; sid:300000202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringb.xyz"; classtype:web-application-activity; sid:300000203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringc.xyz"; classtype:web-application-activity; sid:300000204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringd.xyz"; classtype:web-application-activity; sid:300000205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringf.xyz"; classtype:web-application-activity; sid:300000207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummera.xyz"; classtype:web-application-activity; sid:300000208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerc.xyz"; classtype:web-application-activity; sid:300000209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerd.xyz"; classtype:web-application-activity; sid:300000210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummere.xyz"; classtype:web-application-activity; sid:300000211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerf.xyz"; classtype:web-application-activity; sid:300000212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintera.xyz"; classtype:web-application-activity; sid:300000213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterb.xyz"; classtype:web-application-activity; sid:300000214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterf.xyz"; classtype:web-application-activity; sid:300000218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyspeedythefile.vip"; classtype:web-application-activity; sid:300000219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyswiftthefile.vip"; classtype:web-application-activity; sid:300000220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrefinedoverlythefile.vip"; classtype:web-application-activity; sid:300000221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peterhahn.be"; classtype:web-application-activity; sid:300000222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phoneapplicationmap.top"; classtype:web-application-activity; sid:300000223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phonesecuritymagic.top"; classtype:web-application-activity; sid:300000224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringb.xyz"; classtype:web-application-activity; sid:300000235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringc.xyz"; classtype:web-application-activity; sid:300000236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringd.xyz"; classtype:web-application-activity; sid:300000237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringe.xyz"; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummera.xyz"; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerb.xyz"; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerc.xyz"; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummere.xyz"; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerf.xyz"; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintera.xyz"; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterb.xyz"; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterc.xyz"; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterd.xyz"; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintere.xyz"; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterf.xyz"; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"press-news-for.me"; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"producthunter.club"; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promotionclaim.rest"; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-ios.com"; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qfind.net"; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quizshein.shop"; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rancy.xyz"; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"randompromotion.rest"; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"real-buy.net"; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rehab-centers-here-now.site"; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restorerefinedsuperthefile.vip"; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restoresuperspeedythefile.vip"; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardgivingrealspecialoffer.cyou"; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"richsurvey.live"; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ryknxj.top"; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safeguide.net"; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seaplaytoo.top"; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-zero1.online"; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchoffers.info"; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secureyounow.live"; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selectedlab.buzz"; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sendnow.us"; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shegotass.info"; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopadvisors.net"; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"news-daluku.cc"; classtype:web-application-activity; sid:300000193; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsinformer.net"; classtype:web-application-activity; sid:300000194; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nordvpnhosting.com"; classtype:web-application-activity; sid:300000195; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offerpage.link"; classtype:web-application-activity; sid:300000196; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"offersearch.info"; classtype:web-application-activity; sid:300000197; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"paint-lion-history-loud.xyz"; classtype:web-application-activity; sid:300000198; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumna.xyz"; classtype:web-application-activity; sid:300000199; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnb.xyz"; classtype:web-application-activity; sid:300000200; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnc.xyz"; classtype:web-application-activity; sid:300000201; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnd.xyz"; classtype:web-application-activity; sid:300000202; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaautumnf.xyz"; classtype:web-application-activity; sid:300000203; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringb.xyz"; classtype:web-application-activity; sid:300000204; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringc.xyz"; classtype:web-application-activity; sid:300000205; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringd.xyz"; classtype:web-application-activity; sid:300000206; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringe.xyz"; classtype:web-application-activity; sid:300000207; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandaspringf.xyz"; classtype:web-application-activity; sid:300000208; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummera.xyz"; classtype:web-application-activity; sid:300000209; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerc.xyz"; classtype:web-application-activity; sid:300000210; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerd.xyz"; classtype:web-application-activity; sid:300000211; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummere.xyz"; classtype:web-application-activity; sid:300000212; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandasummerf.xyz"; classtype:web-application-activity; sid:300000213; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintera.xyz"; classtype:web-application-activity; sid:300000214; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterb.xyz"; classtype:web-application-activity; sid:300000215; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterc.xyz"; classtype:web-application-activity; sid:300000216; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterd.xyz"; classtype:web-application-activity; sid:300000217; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawintere.xyz"; classtype:web-application-activity; sid:300000218; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pandawinterf.xyz"; classtype:web-application-activity; sid:300000219; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyspeedythefile.vip"; classtype:web-application-activity; sid:300000220; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighlyswiftthefile.vip"; classtype:web-application-activity; sid:300000221; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrefinedoverlythefile.vip"; classtype:web-application-activity; sid:300000222; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"peterhahn.be"; classtype:web-application-activity; sid:300000223; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phoneapplicationmap.top"; classtype:web-application-activity; sid:300000224; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"phonesecuritymagic.top"; classtype:web-application-activity; sid:300000225; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placefortheupgradesset.work"; classtype:web-application-activity; sid:300000226; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placespina.xyz"; classtype:web-application-activity; sid:300000227; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumna.xyz"; classtype:web-application-activity; sid:300000228; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnb.xyz"; classtype:web-application-activity; sid:300000229; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnc.xyz"; classtype:web-application-activity; sid:300000230; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnd.xyz"; classtype:web-application-activity; sid:300000231; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumne.xyz"; classtype:web-application-activity; sid:300000232; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playautumnf.xyz"; classtype:web-application-activity; sid:300000233; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playplanete.xyz"; classtype:web-application-activity; sid:300000234; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringa.xyz"; classtype:web-application-activity; sid:300000235; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringb.xyz"; classtype:web-application-activity; sid:300000236; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringc.xyz"; classtype:web-application-activity; sid:300000237; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringd.xyz"; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspringe.xyz"; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummera.xyz"; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerb.xyz"; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerc.xyz"; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummere.xyz"; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playsummerf.xyz"; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintera.xyz"; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterb.xyz"; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterc.xyz"; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterd.xyz"; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwintere.xyz"; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playwinterf.xyz"; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"press-news-for.me"; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prize-messsages.casa"; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"producthunter.club"; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"promotionclaim.rest"; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-ios.com"; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qfind.net"; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quizshein.shop"; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rancy.xyz"; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"randompromotion.rest"; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"real-buy.net"; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rehab-centers-here-now.site"; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restorerefinedsuperthefile.vip"; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"restoresuperspeedythefile.vip"; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardgivingrealspecialoffer.cyou"; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"richsurvey.live"; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ryknxj.top"; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safeguide.net"; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seaplaytoo.top"; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-zero1.online"; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchoffers.info"; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"secureyounow.live"; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selectedlab.buzz"; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sendnow.us"; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shegotass.info"; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sightcottonreply.top"; classtype:web-application-activity; sid:300000282; rev:1;)

6
dist/pup-filter-unbound.conf vendored
View File

@ -1,10 +1,11 @@
# Title: PUP Domains Unbound Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
local-zone: "2021travel.net" always_nxdomain
local-zone: "abc-news.online" always_nxdomain
local-zone: "adverify.cloud" always_nxdomain
local-zone: "adverify.me" always_nxdomain
@ -16,7 +17,6 @@ local-zone: "android-web.live" always_nxdomain
local-zone: "aphicus.xyz" always_nxdomain
local-zone: "appsto.cloud" always_nxdomain
local-zone: "appzfirer.biz" always_nxdomain
local-zone: "arre.work" always_nxdomain
local-zone: "auto-car-search.site" always_nxdomain
local-zone: "auto-insurance-search.site" always_nxdomain
local-zone: "axisradio.ca" always_nxdomain
@ -197,6 +197,7 @@ local-zone: "mobiavolcano.xyz" always_nxdomain
local-zone: "mobyfox.shop" always_nxdomain
local-zone: "mybesthealthplan.org" always_nxdomain
local-zone: "nettrafficpartners.net" always_nxdomain
local-zone: "news-daluku.cc" always_nxdomain
local-zone: "newsinformer.net" always_nxdomain
local-zone: "nordvpnhosting.com" always_nxdomain
local-zone: "offerpage.link" always_nxdomain
@ -283,7 +284,6 @@ local-zone: "secureyounow.live" always_nxdomain
local-zone: "selectedlab.buzz" always_nxdomain
local-zone: "sendnow.us" always_nxdomain
local-zone: "shegotass.info" always_nxdomain
local-zone: "shopadvisors.net" always_nxdomain
local-zone: "shopin.nyc" always_nxdomain
local-zone: "shopnsave.world" always_nxdomain
local-zone: "sightcottonreply.top" always_nxdomain

6
dist/pup-filter-vivaldi.txt vendored
View File

@ -1,10 +1,11 @@
! Title: PUP Domains Blocklist (Vivaldi)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Mon, 27 Dec 2021 00:02:46 +0000
! Updated: Mon, 27 Dec 2021 12:02:42 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
! Source: https://github.com/zhouhanc/malware-discoverer
||2021travel.net$document
||abc-news.online$document
||adverify.cloud$document
||adverify.me$document
@ -16,7 +17,6 @@
||aphicus.xyz$document
||appsto.cloud$document
||appzfirer.biz$document
||arre.work$document
||auto-car-search.site$document
||auto-insurance-search.site$document
||axisradio.ca$document
@ -197,6 +197,7 @@
||mobyfox.shop$document
||mybesthealthplan.org$document
||nettrafficpartners.net$document
||news-daluku.cc$document
||newsinformer.net$document
||nordvpnhosting.com$document
||offerpage.link$document
@ -283,7 +284,6 @@
||selectedlab.buzz$document
||sendnow.us$document
||shegotass.info$document
||shopadvisors.net$document
||shopin.nyc$document
||shopnsave.world$document
||sightcottonreply.top$document

6
dist/pup-filter.tpl vendored
View File

@ -1,13 +1,14 @@
msFilterList
# Title: PUP Hosts Blocklist (IE)
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 27 Dec 2021 00:02:46 +0000
# Updated: Mon, 27 Dec 2021 12:02:42 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
# Source: https://github.com/zhouhanc/malware-discoverer
: Expires=1
#
-d 2021travel.net
-d abc-news.online
-d adverify.cloud
-d adverify.me
@ -19,7 +20,6 @@ msFilterList
-d aphicus.xyz
-d appsto.cloud
-d appzfirer.biz
-d arre.work
-d auto-car-search.site
-d auto-insurance-search.site
-d axisradio.ca
@ -200,6 +200,7 @@ msFilterList
-d mobyfox.shop
-d mybesthealthplan.org
-d nettrafficpartners.net
-d news-daluku.cc
-d newsinformer.net
-d nordvpnhosting.com
-d offerpage.link
@ -286,7 +287,6 @@ msFilterList
-d selectedlab.buzz
-d sendnow.us
-d shegotass.info
-d shopadvisors.net
-d shopin.nyc
-d shopnsave.world
-d sightcottonreply.top

6
dist/pup-filter.txt vendored
View File

@ -1,10 +1,11 @@
! Title: PUP Domains Blocklist
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Mon, 27 Dec 2021 00:02:46 +0000
! Updated: Mon, 27 Dec 2021 12:02:42 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
! Source: https://github.com/zhouhanc/malware-discoverer
2021travel.net
abc-news.online
adverify.cloud
adverify.me
@ -16,7 +17,6 @@ android-web.live
aphicus.xyz
appsto.cloud
appzfirer.biz
arre.work
auto-car-search.site
auto-insurance-search.site
axisradio.ca
@ -197,6 +197,7 @@ mobiavolcano.xyz
mobyfox.shop
mybesthealthplan.org
nettrafficpartners.net
news-daluku.cc
newsinformer.net
nordvpnhosting.com
offerpage.link
@ -283,7 +284,6 @@ secureyounow.live
selectedlab.buzz
sendnow.us
shegotass.info
shopadvisors.net
shopin.nyc
shopnsave.world
sightcottonreply.top