curben
/
pup-filter
mirror of https://gitlab.com/malware-filter/pup-filter.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter updated: Fri, 30 Apr 2021 12:08:23 UTC

This commit is contained in:
curben-bot 2021-04-30 12:08:23 +00:00
parent 86ca2953a6
commit d16bbd4991
14 changed files with 343 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
dist/pup-filter-ag.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Fri, 30 Apr 2021 00:09:41 UTC
! Updated: Fri, 30 Apr 2021 12:08:23 UTC
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@
||prohealthroutine.info$all
||protect-connection.com$all
||protectyourvpn.com$all
||qh97dkzy20.top$all
||quantum.work$all
||rainlonginsect23.life$all
||readyhealth.info$all
@ -423,7 +424,6 @@
||shkshk.site$all
||shopnsave.world$all
||shoppingexp.xyz$all
||smartys.link$all
||spotplanetc.xyz$all
||spotplanetd.xyz$all
||spotspinb.xyz$all
@ -536,6 +536,7 @@
||vital-health.club$all
||vitalrole.info$all
||vpn-pro.info$all
||vpn1aprotectplus.com$all
||vpnadefenceplus.com$all
||vpntool.me$all
||vpnupdatesnow.com$all

5
dist/pup-filter-agh.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard Home)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Fri, 30 Apr 2021 00:09:41 UTC
! Updated: Fri, 30 Apr 2021 12:08:23 UTC
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@
||prohealthroutine.info^
||protect-connection.com^
||protectyourvpn.com^
||qh97dkzy20.top^
||quantum.work^
||rainlonginsect23.life^
||readyhealth.info^
@ -423,7 +424,6 @@
||shkshk.site^
||shopnsave.world^
||shoppingexp.xyz^
||smartys.link^
||spotplanetc.xyz^
||spotplanetd.xyz^
||spotspinb.xyz^
@ -536,6 +536,7 @@
||vital-health.club^
||vitalrole.info^
||vpn-pro.info^
||vpn1aprotectplus.com^
||vpnadefenceplus.com^
||vpntool.me^
||vpnupdatesnow.com^

5
dist/pup-filter-bind.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains BIND Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@ zone "privacykeeper.net" { type master; notify no; file "null.zone.file"; };
zone "prohealthroutine.info" { type master; notify no; file "null.zone.file"; };
zone "protect-connection.com" { type master; notify no; file "null.zone.file"; };
zone "protectyourvpn.com" { type master; notify no; file "null.zone.file"; };
zone "qh97dkzy20.top" { type master; notify no; file "null.zone.file"; };
zone "quantum.work" { type master; notify no; file "null.zone.file"; };
zone "rainlonginsect23.life" { type master; notify no; file "null.zone.file"; };
zone "readyhealth.info" { type master; notify no; file "null.zone.file"; };
@ -423,7 +424,6 @@ zone "service-care.space" { type master; notify no; file "null.zone.file"; };
zone "shkshk.site" { type master; notify no; file "null.zone.file"; };
zone "shopnsave.world" { type master; notify no; file "null.zone.file"; };
zone "shoppingexp.xyz" { type master; notify no; file "null.zone.file"; };
zone "smartys.link" { type master; notify no; file "null.zone.file"; };
zone "spotplanetc.xyz" { type master; notify no; file "null.zone.file"; };
zone "spotplanetd.xyz" { type master; notify no; file "null.zone.file"; };
zone "spotspinb.xyz" { type master; notify no; file "null.zone.file"; };
@ -536,6 +536,7 @@ zone "viralarticles.net" { type master; notify no; file "null.zone.file"; };
zone "vital-health.club" { type master; notify no; file "null.zone.file"; };
zone "vitalrole.info" { type master; notify no; file "null.zone.file"; };
zone "vpn-pro.info" { type master; notify no; file "null.zone.file"; };
zone "vpn1aprotectplus.com" { type master; notify no; file "null.zone.file"; };
zone "vpnadefenceplus.com" { type master; notify no; file "null.zone.file"; };
zone "vpntool.me" { type master; notify no; file "null.zone.file"; };
zone "vpnupdatesnow.com" { type master; notify no; file "null.zone.file"; };

5
dist/pup-filter-dnsmasq.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains dnsmasq Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@ address=/privacykeeper.net/0.0.0.0
address=/prohealthroutine.info/0.0.0.0
address=/protect-connection.com/0.0.0.0
address=/protectyourvpn.com/0.0.0.0
address=/qh97dkzy20.top/0.0.0.0
address=/quantum.work/0.0.0.0
address=/rainlonginsect23.life/0.0.0.0
address=/readyhealth.info/0.0.0.0
@ -423,7 +424,6 @@ address=/service-care.space/0.0.0.0
address=/shkshk.site/0.0.0.0
address=/shopnsave.world/0.0.0.0
address=/shoppingexp.xyz/0.0.0.0
address=/smartys.link/0.0.0.0
address=/spotplanetc.xyz/0.0.0.0
address=/spotplanetd.xyz/0.0.0.0
address=/spotspinb.xyz/0.0.0.0
@ -536,6 +536,7 @@ address=/viralarticles.net/0.0.0.0
address=/vital-health.club/0.0.0.0
address=/vitalrole.info/0.0.0.0
address=/vpn-pro.info/0.0.0.0
address=/vpn1aprotectplus.com/0.0.0.0
address=/vpnadefenceplus.com/0.0.0.0
address=/vpntool.me/0.0.0.0
address=/vpnupdatesnow.com/0.0.0.0

5
dist/pup-filter-domains.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@ privacykeeper.net
prohealthroutine.info
protect-connection.com
protectyourvpn.com
qh97dkzy20.top
quantum.work
rainlonginsect23.life
readyhealth.info
@ -423,7 +424,6 @@ service-care.space
shkshk.site
shopnsave.world
shoppingexp.xyz
smartys.link
spotplanetc.xyz
spotplanetd.xyz
spotspinb.xyz
@ -536,6 +536,7 @@ viralarticles.net
vital-health.club
vitalrole.info
vpn-pro.info
vpn1aprotectplus.com
vpnadefenceplus.com
vpntool.me
vpnupdatesnow.com

5
dist/pup-filter-hosts.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Hosts Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@
0.0.0.0 prohealthroutine.info
0.0.0.0 protect-connection.com
0.0.0.0 protectyourvpn.com
0.0.0.0 qh97dkzy20.top
0.0.0.0 quantum.work
0.0.0.0 rainlonginsect23.life
0.0.0.0 readyhealth.info
@ -423,7 +424,6 @@
0.0.0.0 shkshk.site
0.0.0.0 shopnsave.world
0.0.0.0 shoppingexp.xyz
0.0.0.0 smartys.link
0.0.0.0 spotplanetc.xyz
0.0.0.0 spotplanetd.xyz
0.0.0.0 spotspinb.xyz
@ -536,6 +536,7 @@
0.0.0.0 vital-health.club
0.0.0.0 vitalrole.info
0.0.0.0 vpn-pro.info
0.0.0.0 vpn1aprotectplus.com
0.0.0.0 vpnadefenceplus.com
0.0.0.0 vpntool.me
0.0.0.0 vpnupdatesnow.com

7
dist/pup-filter-rpz.conf vendored
View File

@ -1,13 +1,13 @@
; Title: PUP Domains RPZ Blocklist
; Description: Block domains that host potentially unwanted programs (PUP)
; Updated: Fri, 30 Apr 2021 00:09:41 UTC
; Updated: Fri, 30 Apr 2021 12:08:23 UTC
; Expires: 1 day (update frequency)
; Homepage: https://gitlab.com/curben/pup-filter
; License: https://gitlab.com/curben/pup-filter#license
; Source: https://github.com/zhouhanc/malware-discoverer
$TTL 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1619741381 86400 3600 604800 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1619784503 86400 3600 604800 30
NS localhost.
123news.website CNAME .
@ -363,6 +363,7 @@ privacykeeper.net CNAME .
prohealthroutine.info CNAME .
protect-connection.com CNAME .
protectyourvpn.com CNAME .
qh97dkzy20.top CNAME .
quantum.work CNAME .
rainlonginsect23.life CNAME .
readyhealth.info CNAME .
@ -428,7 +429,6 @@ service-care.space CNAME .
shkshk.site CNAME .
shopnsave.world CNAME .
shoppingexp.xyz CNAME .
smartys.link CNAME .
spotplanetc.xyz CNAME .
spotplanetd.xyz CNAME .
spotspinb.xyz CNAME .
@ -541,6 +541,7 @@ viralarticles.net CNAME .
vital-health.club CNAME .
vitalrole.info CNAME .
vpn-pro.info CNAME .
vpn1aprotectplus.com CNAME .
vpnadefenceplus.com CNAME .
vpntool.me CNAME .
vpnupdatesnow.com CNAME .

205
dist/pup-filter-snort2.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort2 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -358,72 +358,72 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"prohealthroutine.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protect-connection.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"protectyourvpn.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quantum.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rainlonginsect23.life"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"readyhealth.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"readyhealthgo.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000358; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000359; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000360; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000361; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000362; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.surf"; content:"Host"; http_header; classtype:web-application-activity; sid:300000363; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000364; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"reliablesoftwarevideos.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000365; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"remedify.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000366; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000367; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000368; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000369; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000370; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000371; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"resignation.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000372; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ritaus.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000373; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"roadtoyourhealth.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000374; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000375; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rootessential.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000376; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rotharbor.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000377; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000378; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runcurrent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000379; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rundeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000380; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000381; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000382; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000383; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000384; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runfree-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000385; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runintensely-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000386; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runlatest-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000387; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000388; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000389; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000390; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000391; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000392; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000393; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000394; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000395; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000396; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safelyonline.tech"; content:"Host"; http_header; classtype:web-application-activity; sid:300000397; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdate.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000398; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdates.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000399; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scheduleagreement.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000400; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"score-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000401; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-tool.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000402; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-trends.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000403; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchfeed.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000404; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seasoned.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000405; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alert.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000406; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000407; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000408; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"second-handjam.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000409; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-made-easy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000410; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-pro.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000411; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-protection.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000412; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seemlast.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000413; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"selfradiance.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000414; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-care.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000415; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shkshk.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000416; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000417; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shoppingexp.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000418; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartys.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000419; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"qh97dkzy20.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"quantum.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rainlonginsect23.life"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"readyhealth.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"readyhealthgo.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000358; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000359; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000360; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000361; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000362; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000363; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.surf"; content:"Host"; http_header; classtype:web-application-activity; sid:300000364; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"recontent.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000365; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"reliablesoftwarevideos.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000366; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"remedify.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000367; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.casa"; content:"Host"; http_header; classtype:web-application-activity; sid:300000368; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000369; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000370; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000371; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"renewvideo.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000372; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"resignation.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000373; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ritaus.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000374; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"roadtoyourhealth.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000375; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000376; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rootessential.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000377; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rotharbor.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000378; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000379; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runcurrent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000380; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rundeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000381; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000382; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000383; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000384; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000385; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runfree-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000386; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runintensely-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000387; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runlatest-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000388; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000389; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000390; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000391; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000392; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000393; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000394; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000395; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000396; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000397; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safelyonline.tech"; content:"Host"; http_header; classtype:web-application-activity; sid:300000398; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdate.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000399; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdates.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000400; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scheduleagreement.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000401; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"score-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000402; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-tool.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000403; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search-trends.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000404; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchfeed.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000405; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seasoned.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000406; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alert.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000407; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000408; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000409; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"second-handjam.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000410; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-made-easy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000411; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-pro.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000412; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-protection.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000413; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seemlast.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000414; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"selfradiance.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000415; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-care.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000416; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shkshk.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000417; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000418; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shoppingexp.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000419; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000420; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotplanetd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000421; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotspinb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000422; rev:1;)
@ -536,38 +536,39 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vital-health.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000529; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vitalrole.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000530; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn-pro.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000531; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnadefenceplus.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000532; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpntool.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000533; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnupdatesnow.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000534; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"website4all.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000535; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"websiteforall.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000536; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"websitetoget.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000537; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtip.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000538; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellnessgram.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000539; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellnessplum.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000540; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wherentlybrane.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000541; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wowlifestyle.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000542; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000543; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000544; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrading.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000545; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestvideoconnection.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000546; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestvideoconnections.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000547; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbettercleanplayer.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000548; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbettercleanplayers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000549; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000550; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000551; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrading.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000552; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplayerupdate.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000553; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplayerupdating.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000554; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryvideoupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000555; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryvideoupgrading.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000556; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestplayerlink.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000557; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestreliablelink.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000558; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafeststablelink.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000559; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafeststablelinks.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000560; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafesystemsupdating.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000561; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourstablegreatupdate.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000562; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourstablegreatupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000563; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourtechplaceforupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000564; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourultimateperfectupgrades.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000565; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ysfetinora.tk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000566; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpn1aprotectplus.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000532; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnadefenceplus.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000533; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpntool.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000534; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnupdatesnow.com"; content:"Host"; http_header; classtype:web-application-activity; sid:300000535; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"website4all.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000536; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"websiteforall.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000537; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"websitetoget.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000538; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtip.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000539; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellnessgram.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000540; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wellnessplum.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000541; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wherentlybrane.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000542; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"wowlifestyle.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000543; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000544; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000545; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestlinkupgrading.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000546; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestvideoconnection.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000547; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbestvideoconnections.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000548; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbettercleanplayer.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000549; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourbettercleanplayers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000550; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrade.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000551; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000552; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrading.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000553; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplayerupdate.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000554; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplayerupdating.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000555; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryvideoupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000556; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryvideoupgrading.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000557; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestplayerlink.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000558; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestreliablelink.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000559; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafeststablelink.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000560; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafeststablelinks.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000561; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafesystemsupdating.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000562; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourstablegreatupdate.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000563; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourstablegreatupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000564; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourtechplaceforupgrades.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000565; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourultimateperfectupgrades.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000566; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ysfetinora.tk"; content:"Host"; http_header; classtype:web-application-activity; sid:300000567; rev:1;)

205
dist/pup-filter-snort3.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort3 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -358,72 +358,72 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"prohealthroutine.info",nocase; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protect-connection.com",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"protectyourvpn.com",nocase; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quantum.work",nocase; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rainlonginsect23.life",nocase; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"readyhealth.info",nocase; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"readyhealthgo.today",nocase; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.casa",nocase; classtype:web-application-activity; sid:300000358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.cyou",nocase; classtype:web-application-activity; sid:300000359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.fun",nocase; classtype:web-application-activity; sid:300000360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.site",nocase; classtype:web-application-activity; sid:300000361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.space",nocase; classtype:web-application-activity; sid:300000362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.surf",nocase; classtype:web-application-activity; sid:300000363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.website",nocase; classtype:web-application-activity; sid:300000364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"reliablesoftwarevideos.info",nocase; classtype:web-application-activity; sid:300000365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"remedify.info",nocase; classtype:web-application-activity; sid:300000366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.casa",nocase; classtype:web-application-activity; sid:300000367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.fun",nocase; classtype:web-application-activity; sid:300000368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.online",nocase; classtype:web-application-activity; sid:300000369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.site",nocase; classtype:web-application-activity; sid:300000370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.website",nocase; classtype:web-application-activity; sid:300000371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"resignation.top",nocase; classtype:web-application-activity; sid:300000372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ritaus.org",nocase; classtype:web-application-activity; sid:300000373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"roadtoyourhealth.info",nocase; classtype:web-application-activity; sid:300000374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rootessential.info",nocase; classtype:web-application-activity; sid:300000376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rotharbor.xyz",nocase; classtype:web-application-activity; sid:300000377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runcurrent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rundeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runfree-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runintensely-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runlatest-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safelyonline.tech",nocase; classtype:web-application-activity; sid:300000397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdate.info",nocase; classtype:web-application-activity; sid:300000398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdates.info",nocase; classtype:web-application-activity; sid:300000399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scheduleagreement.xyz",nocase; classtype:web-application-activity; sid:300000400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"score-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-tool.net",nocase; classtype:web-application-activity; sid:300000402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-trends.co",nocase; classtype:web-application-activity; sid:300000403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchfeed.co",nocase; classtype:web-application-activity; sid:300000404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seasoned.co",nocase; classtype:web-application-activity; sid:300000405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alert.xyz",nocase; classtype:web-application-activity; sid:300000406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alerts.xyz",nocase; classtype:web-application-activity; sid:300000407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"second-handjam.xyz",nocase; classtype:web-application-activity; sid:300000409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-made-easy.xyz",nocase; classtype:web-application-activity; sid:300000410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-pro.xyz",nocase; classtype:web-application-activity; sid:300000411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-protection.xyz",nocase; classtype:web-application-activity; sid:300000412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seemlast.monster",nocase; classtype:web-application-activity; sid:300000413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"selfradiance.info",nocase; classtype:web-application-activity; sid:300000414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"service-care.space",nocase; classtype:web-application-activity; sid:300000415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shkshk.site",nocase; classtype:web-application-activity; sid:300000416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shoppingexp.xyz",nocase; classtype:web-application-activity; sid:300000418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartys.link",nocase; classtype:web-application-activity; sid:300000419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"qh97dkzy20.top",nocase; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"quantum.work",nocase; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rainlonginsect23.life",nocase; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"readyhealth.info",nocase; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"readyhealthgo.today",nocase; classtype:web-application-activity; sid:300000358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.casa",nocase; classtype:web-application-activity; sid:300000359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.cyou",nocase; classtype:web-application-activity; sid:300000360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.fun",nocase; classtype:web-application-activity; sid:300000361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.site",nocase; classtype:web-application-activity; sid:300000362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.space",nocase; classtype:web-application-activity; sid:300000363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.surf",nocase; classtype:web-application-activity; sid:300000364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"recontent.website",nocase; classtype:web-application-activity; sid:300000365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"reliablesoftwarevideos.info",nocase; classtype:web-application-activity; sid:300000366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"remedify.info",nocase; classtype:web-application-activity; sid:300000367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.casa",nocase; classtype:web-application-activity; sid:300000368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.fun",nocase; classtype:web-application-activity; sid:300000369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.online",nocase; classtype:web-application-activity; sid:300000370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.site",nocase; classtype:web-application-activity; sid:300000371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"renewvideo.website",nocase; classtype:web-application-activity; sid:300000372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"resignation.top",nocase; classtype:web-application-activity; sid:300000373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ritaus.org",nocase; classtype:web-application-activity; sid:300000374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"roadtoyourhealth.info",nocase; classtype:web-application-activity; sid:300000375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rootessential.info",nocase; classtype:web-application-activity; sid:300000377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rotharbor.xyz",nocase; classtype:web-application-activity; sid:300000378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runcurrent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rundeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runfree-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runintensely-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runlatest-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safelyonline.tech",nocase; classtype:web-application-activity; sid:300000398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdate.info",nocase; classtype:web-application-activity; sid:300000399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdates.info",nocase; classtype:web-application-activity; sid:300000400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scheduleagreement.xyz",nocase; classtype:web-application-activity; sid:300000401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"score-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-tool.net",nocase; classtype:web-application-activity; sid:300000403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search-trends.co",nocase; classtype:web-application-activity; sid:300000404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchfeed.co",nocase; classtype:web-application-activity; sid:300000405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seasoned.co",nocase; classtype:web-application-activity; sid:300000406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alert.xyz",nocase; classtype:web-application-activity; sid:300000407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alerts.xyz",nocase; classtype:web-application-activity; sid:300000408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"second-handjam.xyz",nocase; classtype:web-application-activity; sid:300000410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-made-easy.xyz",nocase; classtype:web-application-activity; sid:300000411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-pro.xyz",nocase; classtype:web-application-activity; sid:300000412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-protection.xyz",nocase; classtype:web-application-activity; sid:300000413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seemlast.monster",nocase; classtype:web-application-activity; sid:300000414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"selfradiance.info",nocase; classtype:web-application-activity; sid:300000415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"service-care.space",nocase; classtype:web-application-activity; sid:300000416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shkshk.site",nocase; classtype:web-application-activity; sid:300000417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shoppingexp.xyz",nocase; classtype:web-application-activity; sid:300000419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetc.xyz",nocase; classtype:web-application-activity; sid:300000420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotplanetd.xyz",nocase; classtype:web-application-activity; sid:300000421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotspinb.xyz",nocase; classtype:web-application-activity; sid:300000422; rev:1;)
@ -536,38 +536,39 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vital-health.club",nocase; classtype:web-application-activity; sid:300000529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vitalrole.info",nocase; classtype:web-application-activity; sid:300000530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn-pro.info",nocase; classtype:web-application-activity; sid:300000531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnadefenceplus.com",nocase; classtype:web-application-activity; sid:300000532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpntool.me",nocase; classtype:web-application-activity; sid:300000533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnupdatesnow.com",nocase; classtype:web-application-activity; sid:300000534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"website4all.info",nocase; classtype:web-application-activity; sid:300000535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"websiteforall.work",nocase; classtype:web-application-activity; sid:300000536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"websitetoget.work",nocase; classtype:web-application-activity; sid:300000537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtip.co",nocase; classtype:web-application-activity; sid:300000538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wellnessgram.info",nocase; classtype:web-application-activity; sid:300000539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wellnessplum.info",nocase; classtype:web-application-activity; sid:300000540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wherentlybrane.site",nocase; classtype:web-application-activity; sid:300000541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wowlifestyle.info",nocase; classtype:web-application-activity; sid:300000542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrade.info",nocase; classtype:web-application-activity; sid:300000543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrades.info",nocase; classtype:web-application-activity; sid:300000544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrading.info",nocase; classtype:web-application-activity; sid:300000545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestvideoconnection.info",nocase; classtype:web-application-activity; sid:300000546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestvideoconnections.info",nocase; classtype:web-application-activity; sid:300000547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbettercleanplayer.info",nocase; classtype:web-application-activity; sid:300000548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbettercleanplayers.info",nocase; classtype:web-application-activity; sid:300000549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrade.info",nocase; classtype:web-application-activity; sid:300000550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrades.info",nocase; classtype:web-application-activity; sid:300000551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrading.work",nocase; classtype:web-application-activity; sid:300000552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplayerupdate.work",nocase; classtype:web-application-activity; sid:300000553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplayerupdating.work",nocase; classtype:web-application-activity; sid:300000554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryvideoupgrades.info",nocase; classtype:web-application-activity; sid:300000555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryvideoupgrading.info",nocase; classtype:web-application-activity; sid:300000556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestplayerlink.best",nocase; classtype:web-application-activity; sid:300000557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestreliablelink.work",nocase; classtype:web-application-activity; sid:300000558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafeststablelink.info",nocase; classtype:web-application-activity; sid:300000559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafeststablelinks.info",nocase; classtype:web-application-activity; sid:300000560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafesystemsupdating.work",nocase; classtype:web-application-activity; sid:300000561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourstablegreatupdate.work",nocase; classtype:web-application-activity; sid:300000562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourstablegreatupdates.work",nocase; classtype:web-application-activity; sid:300000563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourtechplaceforupgrades.info",nocase; classtype:web-application-activity; sid:300000564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourultimateperfectupgrades.work",nocase; classtype:web-application-activity; sid:300000565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ysfetinora.tk",nocase; classtype:web-application-activity; sid:300000566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpn1aprotectplus.com",nocase; classtype:web-application-activity; sid:300000532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnadefenceplus.com",nocase; classtype:web-application-activity; sid:300000533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpntool.me",nocase; classtype:web-application-activity; sid:300000534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnupdatesnow.com",nocase; classtype:web-application-activity; sid:300000535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"website4all.info",nocase; classtype:web-application-activity; sid:300000536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"websiteforall.work",nocase; classtype:web-application-activity; sid:300000537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"websitetoget.work",nocase; classtype:web-application-activity; sid:300000538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtip.co",nocase; classtype:web-application-activity; sid:300000539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wellnessgram.info",nocase; classtype:web-application-activity; sid:300000540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wellnessplum.info",nocase; classtype:web-application-activity; sid:300000541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wherentlybrane.site",nocase; classtype:web-application-activity; sid:300000542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"wowlifestyle.info",nocase; classtype:web-application-activity; sid:300000543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrade.info",nocase; classtype:web-application-activity; sid:300000544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrades.info",nocase; classtype:web-application-activity; sid:300000545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestlinkupgrading.info",nocase; classtype:web-application-activity; sid:300000546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestvideoconnection.info",nocase; classtype:web-application-activity; sid:300000547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbestvideoconnections.info",nocase; classtype:web-application-activity; sid:300000548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbettercleanplayer.info",nocase; classtype:web-application-activity; sid:300000549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourbettercleanplayers.info",nocase; classtype:web-application-activity; sid:300000550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrade.info",nocase; classtype:web-application-activity; sid:300000551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrades.info",nocase; classtype:web-application-activity; sid:300000552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrading.work",nocase; classtype:web-application-activity; sid:300000553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplayerupdate.work",nocase; classtype:web-application-activity; sid:300000554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplayerupdating.work",nocase; classtype:web-application-activity; sid:300000555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryvideoupgrades.info",nocase; classtype:web-application-activity; sid:300000556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryvideoupgrading.info",nocase; classtype:web-application-activity; sid:300000557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestplayerlink.best",nocase; classtype:web-application-activity; sid:300000558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestreliablelink.work",nocase; classtype:web-application-activity; sid:300000559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafeststablelink.info",nocase; classtype:web-application-activity; sid:300000560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafeststablelinks.info",nocase; classtype:web-application-activity; sid:300000561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafesystemsupdating.work",nocase; classtype:web-application-activity; sid:300000562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourstablegreatupdate.work",nocase; classtype:web-application-activity; sid:300000563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourstablegreatupdates.work",nocase; classtype:web-application-activity; sid:300000564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourtechplaceforupgrades.info",nocase; classtype:web-application-activity; sid:300000565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourultimateperfectupgrades.work",nocase; classtype:web-application-activity; sid:300000566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ysfetinora.tk",nocase; classtype:web-application-activity; sid:300000567; rev:1;)

205
dist/pup-filter-suricata.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Suricata Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -358,72 +358,72 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prohealthroutine.info"; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-connection.com"; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protectyourvpn.com"; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quantum.work"; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rainlonginsect23.life"; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"readyhealth.info"; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"readyhealthgo.today"; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.casa"; classtype:web-application-activity; sid:300000358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.cyou"; classtype:web-application-activity; sid:300000359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.fun"; classtype:web-application-activity; sid:300000360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.site"; classtype:web-application-activity; sid:300000361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.space"; classtype:web-application-activity; sid:300000362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.surf"; classtype:web-application-activity; sid:300000363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.website"; classtype:web-application-activity; sid:300000364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reliablesoftwarevideos.info"; classtype:web-application-activity; sid:300000365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"remedify.info"; classtype:web-application-activity; sid:300000366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.casa"; classtype:web-application-activity; sid:300000367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.fun"; classtype:web-application-activity; sid:300000368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.online"; classtype:web-application-activity; sid:300000369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.site"; classtype:web-application-activity; sid:300000370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.website"; classtype:web-application-activity; sid:300000371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"resignation.top"; classtype:web-application-activity; sid:300000372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ritaus.org"; classtype:web-application-activity; sid:300000373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roadtoyourhealth.info"; classtype:web-application-activity; sid:300000374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rootessential.info"; classtype:web-application-activity; sid:300000376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rotharbor.xyz"; classtype:web-application-activity; sid:300000377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runcurrent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rundeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestrecentfile.best"; classtype:web-application-activity; sid:300000384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runfree-bestoverlyfile.best"; classtype:web-application-activity; sid:300000385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runintensely-bestrenewedfile.best"; classtype:web-application-activity; sid:300000386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runlatest-besthighlyfile.best"; classtype:web-application-activity; sid:300000387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestextremelyfile.best"; classtype:web-application-activity; sid:300000389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestintenselyfile.best"; classtype:web-application-activity; sid:300000390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestquickfile.best"; classtype:web-application-activity; sid:300000392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-besthighlyfile.best"; classtype:web-application-activity; sid:300000396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safelyonline.tech"; classtype:web-application-activity; sid:300000397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdate.info"; classtype:web-application-activity; sid:300000398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdates.info"; classtype:web-application-activity; sid:300000399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scheduleagreement.xyz"; classtype:web-application-activity; sid:300000400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"score-monitoring.xyz"; classtype:web-application-activity; sid:300000401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-tool.net"; classtype:web-application-activity; sid:300000402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-trends.co"; classtype:web-application-activity; sid:300000403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchfeed.co"; classtype:web-application-activity; sid:300000404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seasoned.co"; classtype:web-application-activity; sid:300000405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alerts.xyz"; classtype:web-application-activity; sid:300000407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-monitoring.xyz"; classtype:web-application-activity; sid:300000408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"second-handjam.xyz"; classtype:web-application-activity; sid:300000409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-made-easy.xyz"; classtype:web-application-activity; sid:300000410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-pro.xyz"; classtype:web-application-activity; sid:300000411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-protection.xyz"; classtype:web-application-activity; sid:300000412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selfradiance.info"; classtype:web-application-activity; sid:300000414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-care.space"; classtype:web-application-activity; sid:300000415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shkshk.site"; classtype:web-application-activity; sid:300000416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shoppingexp.xyz"; classtype:web-application-activity; sid:300000418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartys.link"; classtype:web-application-activity; sid:300000419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"qh97dkzy20.top"; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"quantum.work"; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rainlonginsect23.life"; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"readyhealth.info"; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"readyhealthgo.today"; classtype:web-application-activity; sid:300000358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.casa"; classtype:web-application-activity; sid:300000359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.cyou"; classtype:web-application-activity; sid:300000360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.fun"; classtype:web-application-activity; sid:300000361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.site"; classtype:web-application-activity; sid:300000362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.space"; classtype:web-application-activity; sid:300000363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.surf"; classtype:web-application-activity; sid:300000364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.website"; classtype:web-application-activity; sid:300000365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reliablesoftwarevideos.info"; classtype:web-application-activity; sid:300000366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"remedify.info"; classtype:web-application-activity; sid:300000367; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.casa"; classtype:web-application-activity; sid:300000368; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.fun"; classtype:web-application-activity; sid:300000369; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.online"; classtype:web-application-activity; sid:300000370; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.site"; classtype:web-application-activity; sid:300000371; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.website"; classtype:web-application-activity; sid:300000372; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"resignation.top"; classtype:web-application-activity; sid:300000373; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ritaus.org"; classtype:web-application-activity; sid:300000374; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roadtoyourhealth.info"; classtype:web-application-activity; sid:300000375; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000376; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rootessential.info"; classtype:web-application-activity; sid:300000377; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rotharbor.xyz"; classtype:web-application-activity; sid:300000378; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000379; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runcurrent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000380; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rundeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000381; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000382; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000383; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000384; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestrecentfile.best"; classtype:web-application-activity; sid:300000385; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runfree-bestoverlyfile.best"; classtype:web-application-activity; sid:300000386; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runintensely-bestrenewedfile.best"; classtype:web-application-activity; sid:300000387; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runlatest-besthighlyfile.best"; classtype:web-application-activity; sid:300000388; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000389; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestextremelyfile.best"; classtype:web-application-activity; sid:300000390; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestintenselyfile.best"; classtype:web-application-activity; sid:300000391; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000392; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestquickfile.best"; classtype:web-application-activity; sid:300000393; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000394; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000395; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000396; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-besthighlyfile.best"; classtype:web-application-activity; sid:300000397; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safelyonline.tech"; classtype:web-application-activity; sid:300000398; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdate.info"; classtype:web-application-activity; sid:300000399; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdates.info"; classtype:web-application-activity; sid:300000400; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scheduleagreement.xyz"; classtype:web-application-activity; sid:300000401; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"score-monitoring.xyz"; classtype:web-application-activity; sid:300000402; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-tool.net"; classtype:web-application-activity; sid:300000403; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-trends.co"; classtype:web-application-activity; sid:300000404; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchfeed.co"; classtype:web-application-activity; sid:300000405; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seasoned.co"; classtype:web-application-activity; sid:300000406; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000407; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alerts.xyz"; classtype:web-application-activity; sid:300000408; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-monitoring.xyz"; classtype:web-application-activity; sid:300000409; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"second-handjam.xyz"; classtype:web-application-activity; sid:300000410; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-made-easy.xyz"; classtype:web-application-activity; sid:300000411; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-pro.xyz"; classtype:web-application-activity; sid:300000412; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-protection.xyz"; classtype:web-application-activity; sid:300000413; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000414; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selfradiance.info"; classtype:web-application-activity; sid:300000415; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-care.space"; classtype:web-application-activity; sid:300000416; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shkshk.site"; classtype:web-application-activity; sid:300000417; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000418; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shoppingexp.xyz"; classtype:web-application-activity; sid:300000419; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000420; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetd.xyz"; classtype:web-application-activity; sid:300000421; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotspinb.xyz"; classtype:web-application-activity; sid:300000422; rev:1;)
@ -536,38 +536,39 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vital-health.club"; classtype:web-application-activity; sid:300000529; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vitalrole.info"; classtype:web-application-activity; sid:300000530; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn-pro.info"; classtype:web-application-activity; sid:300000531; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnadefenceplus.com"; classtype:web-application-activity; sid:300000532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpntool.me"; classtype:web-application-activity; sid:300000533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnupdatesnow.com"; classtype:web-application-activity; sid:300000534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"website4all.info"; classtype:web-application-activity; sid:300000535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websiteforall.work"; classtype:web-application-activity; sid:300000536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websitetoget.work"; classtype:web-application-activity; sid:300000537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtip.co"; classtype:web-application-activity; sid:300000538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessgram.info"; classtype:web-application-activity; sid:300000539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessplum.info"; classtype:web-application-activity; sid:300000540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wherentlybrane.site"; classtype:web-application-activity; sid:300000541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wowlifestyle.info"; classtype:web-application-activity; sid:300000542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrade.info"; classtype:web-application-activity; sid:300000543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrades.info"; classtype:web-application-activity; sid:300000544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrading.info"; classtype:web-application-activity; sid:300000545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnection.info"; classtype:web-application-activity; sid:300000546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnections.info"; classtype:web-application-activity; sid:300000547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayer.info"; classtype:web-application-activity; sid:300000548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayers.info"; classtype:web-application-activity; sid:300000549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrade.info"; classtype:web-application-activity; sid:300000550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrades.info"; classtype:web-application-activity; sid:300000551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrading.work"; classtype:web-application-activity; sid:300000552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdate.work"; classtype:web-application-activity; sid:300000553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdating.work"; classtype:web-application-activity; sid:300000554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrades.info"; classtype:web-application-activity; sid:300000555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrading.info"; classtype:web-application-activity; sid:300000556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestplayerlink.best"; classtype:web-application-activity; sid:300000557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestreliablelink.work"; classtype:web-application-activity; sid:300000558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelink.info"; classtype:web-application-activity; sid:300000559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelinks.info"; classtype:web-application-activity; sid:300000560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafesystemsupdating.work"; classtype:web-application-activity; sid:300000561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourstablegreatupdate.work"; classtype:web-application-activity; sid:300000562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourstablegreatupdates.work"; classtype:web-application-activity; sid:300000563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourtechplaceforupgrades.info"; classtype:web-application-activity; sid:300000564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourultimateperfectupgrades.work"; classtype:web-application-activity; sid:300000565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ysfetinora.tk"; classtype:web-application-activity; sid:300000566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn1aprotectplus.com"; classtype:web-application-activity; sid:300000532; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnadefenceplus.com"; classtype:web-application-activity; sid:300000533; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpntool.me"; classtype:web-application-activity; sid:300000534; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnupdatesnow.com"; classtype:web-application-activity; sid:300000535; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"website4all.info"; classtype:web-application-activity; sid:300000536; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websiteforall.work"; classtype:web-application-activity; sid:300000537; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websitetoget.work"; classtype:web-application-activity; sid:300000538; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtip.co"; classtype:web-application-activity; sid:300000539; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessgram.info"; classtype:web-application-activity; sid:300000540; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessplum.info"; classtype:web-application-activity; sid:300000541; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wherentlybrane.site"; classtype:web-application-activity; sid:300000542; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wowlifestyle.info"; classtype:web-application-activity; sid:300000543; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrade.info"; classtype:web-application-activity; sid:300000544; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrades.info"; classtype:web-application-activity; sid:300000545; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrading.info"; classtype:web-application-activity; sid:300000546; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnection.info"; classtype:web-application-activity; sid:300000547; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnections.info"; classtype:web-application-activity; sid:300000548; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayer.info"; classtype:web-application-activity; sid:300000549; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayers.info"; classtype:web-application-activity; sid:300000550; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrade.info"; classtype:web-application-activity; sid:300000551; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrades.info"; classtype:web-application-activity; sid:300000552; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrading.work"; classtype:web-application-activity; sid:300000553; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdate.work"; classtype:web-application-activity; sid:300000554; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdating.work"; classtype:web-application-activity; sid:300000555; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrades.info"; classtype:web-application-activity; sid:300000556; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrading.info"; classtype:web-application-activity; sid:300000557; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestplayerlink.best"; classtype:web-application-activity; sid:300000558; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestreliablelink.work"; classtype:web-application-activity; sid:300000559; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelink.info"; classtype:web-application-activity; sid:300000560; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelinks.info"; classtype:web-application-activity; sid:300000561; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafesystemsupdating.work"; classtype:web-application-activity; sid:300000562; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourstablegreatupdate.work"; classtype:web-application-activity; sid:300000563; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourstablegreatupdates.work"; classtype:web-application-activity; sid:300000564; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourtechplaceforupgrades.info"; classtype:web-application-activity; sid:300000565; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourultimateperfectupgrades.work"; classtype:web-application-activity; sid:300000566; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ysfetinora.tk"; classtype:web-application-activity; sid:300000567; rev:1;)

5
dist/pup-filter-unbound.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Unbound Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@ local-zone: "privacykeeper.net" always_nxdomain
local-zone: "prohealthroutine.info" always_nxdomain
local-zone: "protect-connection.com" always_nxdomain
local-zone: "protectyourvpn.com" always_nxdomain
local-zone: "qh97dkzy20.top" always_nxdomain
local-zone: "quantum.work" always_nxdomain
local-zone: "rainlonginsect23.life" always_nxdomain
local-zone: "readyhealth.info" always_nxdomain
@ -423,7 +424,6 @@ local-zone: "service-care.space" always_nxdomain
local-zone: "shkshk.site" always_nxdomain
local-zone: "shopnsave.world" always_nxdomain
local-zone: "shoppingexp.xyz" always_nxdomain
local-zone: "smartys.link" always_nxdomain
local-zone: "spotplanetc.xyz" always_nxdomain
local-zone: "spotplanetd.xyz" always_nxdomain
local-zone: "spotspinb.xyz" always_nxdomain
@ -536,6 +536,7 @@ local-zone: "viralarticles.net" always_nxdomain
local-zone: "vital-health.club" always_nxdomain
local-zone: "vitalrole.info" always_nxdomain
local-zone: "vpn-pro.info" always_nxdomain
local-zone: "vpn1aprotectplus.com" always_nxdomain
local-zone: "vpnadefenceplus.com" always_nxdomain
local-zone: "vpntool.me" always_nxdomain
local-zone: "vpnupdatesnow.com" always_nxdomain

5
dist/pup-filter-vivaldi.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (Vivaldi)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Fri, 30 Apr 2021 00:09:41 UTC
! Updated: Fri, 30 Apr 2021 12:08:23 UTC
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@
||prohealthroutine.info$document
||protect-connection.com$document
||protectyourvpn.com$document
||qh97dkzy20.top$document
||quantum.work$document
||rainlonginsect23.life$document
||readyhealth.info$document
@ -423,7 +424,6 @@
||shkshk.site$document
||shopnsave.world$document
||shoppingexp.xyz$document
||smartys.link$document
||spotplanetc.xyz$document
||spotplanetd.xyz$document
||spotspinb.xyz$document
@ -536,6 +536,7 @@
||vital-health.club$document
||vitalrole.info$document
||vpn-pro.info$document
||vpn1aprotectplus.com$document
||vpnadefenceplus.com$document
||vpntool.me$document
||vpnupdatesnow.com$document

5
dist/pup-filter.tpl vendored
View File

@ -1,7 +1,7 @@
msFilterList
# Title: PUP Hosts Blocklist (IE)
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Fri, 30 Apr 2021 00:09:41 UTC
# Updated: Fri, 30 Apr 2021 12:08:23 UTC
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -361,6 +361,7 @@ msFilterList
-d prohealthroutine.info
-d protect-connection.com
-d protectyourvpn.com
-d qh97dkzy20.top
-d quantum.work
-d rainlonginsect23.life
-d readyhealth.info
@ -426,7 +427,6 @@ msFilterList
-d shkshk.site
-d shopnsave.world
-d shoppingexp.xyz
-d smartys.link
-d spotplanetc.xyz
-d spotplanetd.xyz
-d spotspinb.xyz
@ -539,6 +539,7 @@ msFilterList
-d vital-health.club
-d vitalrole.info
-d vpn-pro.info
-d vpn1aprotectplus.com
-d vpnadefenceplus.com
-d vpntool.me
-d vpnupdatesnow.com

5
dist/pup-filter.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Fri, 30 Apr 2021 00:09:41 UTC
! Updated: Fri, 30 Apr 2021 12:08:23 UTC
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -358,6 +358,7 @@ privacykeeper.net
prohealthroutine.info
protect-connection.com
protectyourvpn.com
qh97dkzy20.top
quantum.work
rainlonginsect23.life
readyhealth.info
@ -423,7 +424,6 @@ service-care.space
shkshk.site
shopnsave.world
shoppingexp.xyz
smartys.link
spotplanetc.xyz
spotplanetd.xyz
spotspinb.xyz
@ -536,6 +536,7 @@ viralarticles.net
vital-health.club
vitalrole.info
vpn-pro.info
vpn1aprotectplus.com
vpnadefenceplus.com
vpntool.me
vpnupdatesnow.com