curben
/
pup-filter
mirror of https://gitlab.com/malware-filter/pup-filter.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter updated: Tue, 14 Sep 2021 00:02:51 +0000

This commit is contained in:
curben-bot 2021-09-14 00:02:51 +00:00
parent 3861f14cc8
commit f15d38ce53
15 changed files with 637 additions and 667 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
dist/pup-filter-ag.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Mon, 13 Sep 2021 12:03:07 +0000
! Updated: Tue, 14 Sep 2021 00:02:51 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@
||4upgradingstablesafe.work$all
||affiliateland.io$all
||aikoo.club$all
||amobil.online$all
||appzfirer.biz$all
||armorprovpn.me$all
||atprofessor.fun$all
||atwater.org$all
||auto-car-search.site$all
||be-5hdo32xes-ok.live$all
||be-n9lnns3n-ok.live$all
||be-us-exercise-bikes-ok.live$all
@ -46,7 +46,6 @@
||consumerprotectioncybersecurity.org$all
||contentamigo.ru$all
||contentarea.ru$all
||contentgate.cam$all
||contentgate.club$all
||country-news.live$all
||crazyprize.buzz$all
@ -125,6 +124,7 @@
||investinfo.net$all
||ironprovpn.me$all
||isystemupdate.cloud$all
||java-forum.org$all
||jetsummer.xyz$all
||jointingifstrawberry.xyz$all
||jojomamanbebe.ie$all
@ -245,7 +245,6 @@
||rewards-promotion-winner-super.cyou$all
||rewardsluckygiveawayprize.cyou$all
||rewardspromotionwinnersuper.cyou$all
||robogarden.io$all
||runadvanced-bestgreatlyfile.best$all
||rungreatly-bestadvancedfile.best$all
||runnewest-bestextremelyfile.best$all
@ -357,7 +356,6 @@
||worldwideofficialrewardssuper.cyou$all
||worldwideprizegiveawayfree.cyou$all
||yifymovies.cam$all
||yourlegendaryplaceupgrading.work$all
||yourlegendarysystemsupgrade.work$all
||yourlinkplaceupdatingfree.work$all
||yourmoneymachine.cc$all

8
dist/pup-filter-agh.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard Home)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Mon, 13 Sep 2021 12:03:07 +0000
! Updated: Tue, 14 Sep 2021 00:02:51 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@
||4upgradingstablesafe.work^
||affiliateland.io^
||aikoo.club^
||amobil.online^
||appzfirer.biz^
||armorprovpn.me^
||atprofessor.fun^
||atwater.org^
||auto-car-search.site^
||be-5hdo32xes-ok.live^
||be-n9lnns3n-ok.live^
||be-us-exercise-bikes-ok.live^
@ -46,7 +46,6 @@
||consumerprotectioncybersecurity.org^
||contentamigo.ru^
||contentarea.ru^
||contentgate.cam^
||contentgate.club^
||country-news.live^
||crazyprize.buzz^
@ -125,6 +124,7 @@
||investinfo.net^
||ironprovpn.me^
||isystemupdate.cloud^
||java-forum.org^
||jetsummer.xyz^
||jointingifstrawberry.xyz^
||jojomamanbebe.ie^
@ -245,7 +245,6 @@
||rewards-promotion-winner-super.cyou^
||rewardsluckygiveawayprize.cyou^
||rewardspromotionwinnersuper.cyou^
||robogarden.io^
||runadvanced-bestgreatlyfile.best^
||rungreatly-bestadvancedfile.best^
||runnewest-bestextremelyfile.best^
@ -357,7 +356,6 @@
||worldwideofficialrewardssuper.cyou^
||worldwideprizegiveawayfree.cyou^
||yifymovies.cam^
||yourlegendaryplaceupgrading.work^
||yourlegendarysystemsupgrade.work^
||yourlinkplaceupdatingfree.work^
||yourmoneymachine.cc^

8
dist/pup-filter-bind.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains BIND Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@ zone "2021travel.net" { type master; notify no; file "null.zone.file"; };
zone "4upgradingstablesafe.work" { type master; notify no; file "null.zone.file"; };
zone "affiliateland.io" { type master; notify no; file "null.zone.file"; };
zone "aikoo.club" { type master; notify no; file "null.zone.file"; };
zone "amobil.online" { type master; notify no; file "null.zone.file"; };
zone "appzfirer.biz" { type master; notify no; file "null.zone.file"; };
zone "armorprovpn.me" { type master; notify no; file "null.zone.file"; };
zone "atprofessor.fun" { type master; notify no; file "null.zone.file"; };
zone "atwater.org" { type master; notify no; file "null.zone.file"; };
zone "auto-car-search.site" { type master; notify no; file "null.zone.file"; };
zone "be-5hdo32xes-ok.live" { type master; notify no; file "null.zone.file"; };
zone "be-n9lnns3n-ok.live" { type master; notify no; file "null.zone.file"; };
zone "be-us-exercise-bikes-ok.live" { type master; notify no; file "null.zone.file"; };
@ -46,7 +46,6 @@ zone "connecttheupgradingurls.work" { type master; notify no; file "null.zone.fi
zone "consumerprotectioncybersecurity.org" { type master; notify no; file "null.zone.file"; };
zone "contentamigo.ru" { type master; notify no; file "null.zone.file"; };
zone "contentarea.ru" { type master; notify no; file "null.zone.file"; };
zone "contentgate.cam" { type master; notify no; file "null.zone.file"; };
zone "contentgate.club" { type master; notify no; file "null.zone.file"; };
zone "country-news.live" { type master; notify no; file "null.zone.file"; };
zone "crazyprize.buzz" { type master; notify no; file "null.zone.file"; };
@ -125,6 +124,7 @@ zone "intelectaction.ru" { type master; notify no; file "null.zone.file"; };
zone "investinfo.net" { type master; notify no; file "null.zone.file"; };
zone "ironprovpn.me" { type master; notify no; file "null.zone.file"; };
zone "isystemupdate.cloud" { type master; notify no; file "null.zone.file"; };
zone "java-forum.org" { type master; notify no; file "null.zone.file"; };
zone "jetsummer.xyz" { type master; notify no; file "null.zone.file"; };
zone "jointingifstrawberry.xyz" { type master; notify no; file "null.zone.file"; };
zone "jojomamanbebe.ie" { type master; notify no; file "null.zone.file"; };
@ -245,7 +245,6 @@ zone "randomprizebigwinofficial.cyou" { type master; notify no; file "null.zone.
zone "rewards-promotion-winner-super.cyou" { type master; notify no; file "null.zone.file"; };
zone "rewardsluckygiveawayprize.cyou" { type master; notify no; file "null.zone.file"; };
zone "rewardspromotionwinnersuper.cyou" { type master; notify no; file "null.zone.file"; };
zone "robogarden.io" { type master; notify no; file "null.zone.file"; };
zone "runadvanced-bestgreatlyfile.best" { type master; notify no; file "null.zone.file"; };
zone "rungreatly-bestadvancedfile.best" { type master; notify no; file "null.zone.file"; };
zone "runnewest-bestextremelyfile.best" { type master; notify no; file "null.zone.file"; };
@ -357,7 +356,6 @@ zone "worldwideofficialpromotion.cyou" { type master; notify no; file "null.zone
zone "worldwideofficialrewardssuper.cyou" { type master; notify no; file "null.zone.file"; };
zone "worldwideprizegiveawayfree.cyou" { type master; notify no; file "null.zone.file"; };
zone "yifymovies.cam" { type master; notify no; file "null.zone.file"; };
zone "yourlegendaryplaceupgrading.work" { type master; notify no; file "null.zone.file"; };
zone "yourlegendarysystemsupgrade.work" { type master; notify no; file "null.zone.file"; };
zone "yourlinkplaceupdatingfree.work" { type master; notify no; file "null.zone.file"; };
zone "yourmoneymachine.cc" { type master; notify no; file "null.zone.file"; };

8
dist/pup-filter-dnscrypt-blocked-names.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Names Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@
4upgradingstablesafe.work
affiliateland.io
aikoo.club
amobil.online
appzfirer.biz
armorprovpn.me
atprofessor.fun
atwater.org
auto-car-search.site
be-5hdo32xes-ok.live
be-n9lnns3n-ok.live
be-us-exercise-bikes-ok.live
@ -46,7 +46,6 @@ connecttheupgradingurls.work
consumerprotectioncybersecurity.org
contentamigo.ru
contentarea.ru
contentgate.cam
contentgate.club
country-news.live
crazyprize.buzz
@ -125,6 +124,7 @@ intelectaction.ru
investinfo.net
ironprovpn.me
isystemupdate.cloud
java-forum.org
jetsummer.xyz
jointingifstrawberry.xyz
jojomamanbebe.ie
@ -245,7 +245,6 @@ randomprizebigwinofficial.cyou
rewards-promotion-winner-super.cyou
rewardsluckygiveawayprize.cyou
rewardspromotionwinnersuper.cyou
robogarden.io
runadvanced-bestgreatlyfile.best
rungreatly-bestadvancedfile.best
runnewest-bestextremelyfile.best
@ -357,7 +356,6 @@ worldwideofficialpromotion.cyou
worldwideofficialrewardssuper.cyou
worldwideprizegiveawayfree.cyou
yifymovies.cam
yourlegendaryplaceupgrading.work
yourlegendarysystemsupgrade.work
yourlinkplaceupdatingfree.work
yourmoneymachine.cc

8
dist/pup-filter-dnsmasq.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains dnsmasq Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@ address=/2021travel.net/0.0.0.0
address=/4upgradingstablesafe.work/0.0.0.0
address=/affiliateland.io/0.0.0.0
address=/aikoo.club/0.0.0.0
address=/amobil.online/0.0.0.0
address=/appzfirer.biz/0.0.0.0
address=/armorprovpn.me/0.0.0.0
address=/atprofessor.fun/0.0.0.0
address=/atwater.org/0.0.0.0
address=/auto-car-search.site/0.0.0.0
address=/be-5hdo32xes-ok.live/0.0.0.0
address=/be-n9lnns3n-ok.live/0.0.0.0
address=/be-us-exercise-bikes-ok.live/0.0.0.0
@ -46,7 +46,6 @@ address=/connecttheupgradingurls.work/0.0.0.0
address=/consumerprotectioncybersecurity.org/0.0.0.0
address=/contentamigo.ru/0.0.0.0
address=/contentarea.ru/0.0.0.0
address=/contentgate.cam/0.0.0.0
address=/contentgate.club/0.0.0.0
address=/country-news.live/0.0.0.0
address=/crazyprize.buzz/0.0.0.0
@ -125,6 +124,7 @@ address=/intelectaction.ru/0.0.0.0
address=/investinfo.net/0.0.0.0
address=/ironprovpn.me/0.0.0.0
address=/isystemupdate.cloud/0.0.0.0
address=/java-forum.org/0.0.0.0
address=/jetsummer.xyz/0.0.0.0
address=/jointingifstrawberry.xyz/0.0.0.0
address=/jojomamanbebe.ie/0.0.0.0
@ -245,7 +245,6 @@ address=/randomprizebigwinofficial.cyou/0.0.0.0
address=/rewards-promotion-winner-super.cyou/0.0.0.0
address=/rewardsluckygiveawayprize.cyou/0.0.0.0
address=/rewardspromotionwinnersuper.cyou/0.0.0.0
address=/robogarden.io/0.0.0.0
address=/runadvanced-bestgreatlyfile.best/0.0.0.0
address=/rungreatly-bestadvancedfile.best/0.0.0.0
address=/runnewest-bestextremelyfile.best/0.0.0.0
@ -357,7 +356,6 @@ address=/worldwideofficialpromotion.cyou/0.0.0.0
address=/worldwideofficialrewardssuper.cyou/0.0.0.0
address=/worldwideprizegiveawayfree.cyou/0.0.0.0
address=/yifymovies.cam/0.0.0.0
address=/yourlegendaryplaceupgrading.work/0.0.0.0
address=/yourlegendarysystemsupgrade.work/0.0.0.0
address=/yourlinkplaceupdatingfree.work/0.0.0.0
address=/yourmoneymachine.cc/0.0.0.0

8
dist/pup-filter-domains.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@
4upgradingstablesafe.work
affiliateland.io
aikoo.club
amobil.online
appzfirer.biz
armorprovpn.me
atprofessor.fun
atwater.org
auto-car-search.site
be-5hdo32xes-ok.live
be-n9lnns3n-ok.live
be-us-exercise-bikes-ok.live
@ -46,7 +46,6 @@ connecttheupgradingurls.work
consumerprotectioncybersecurity.org
contentamigo.ru
contentarea.ru
contentgate.cam
contentgate.club
country-news.live
crazyprize.buzz
@ -125,6 +124,7 @@ intelectaction.ru
investinfo.net
ironprovpn.me
isystemupdate.cloud
java-forum.org
jetsummer.xyz
jointingifstrawberry.xyz
jojomamanbebe.ie
@ -245,7 +245,6 @@ randomprizebigwinofficial.cyou
rewards-promotion-winner-super.cyou
rewardsluckygiveawayprize.cyou
rewardspromotionwinnersuper.cyou
robogarden.io
runadvanced-bestgreatlyfile.best
rungreatly-bestadvancedfile.best
runnewest-bestextremelyfile.best
@ -357,7 +356,6 @@ worldwideofficialpromotion.cyou
worldwideofficialrewardssuper.cyou
worldwideprizegiveawayfree.cyou
yifymovies.cam
yourlegendaryplaceupgrading.work
yourlegendarysystemsupgrade.work
yourlinkplaceupdatingfree.work
yourmoneymachine.cc

8
dist/pup-filter-hosts.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Hosts Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@
0.0.0.0 4upgradingstablesafe.work
0.0.0.0 affiliateland.io
0.0.0.0 aikoo.club
0.0.0.0 amobil.online
0.0.0.0 appzfirer.biz
0.0.0.0 armorprovpn.me
0.0.0.0 atprofessor.fun
0.0.0.0 atwater.org
0.0.0.0 auto-car-search.site
0.0.0.0 be-5hdo32xes-ok.live
0.0.0.0 be-n9lnns3n-ok.live
0.0.0.0 be-us-exercise-bikes-ok.live
@ -46,7 +46,6 @@
0.0.0.0 consumerprotectioncybersecurity.org
0.0.0.0 contentamigo.ru
0.0.0.0 contentarea.ru
0.0.0.0 contentgate.cam
0.0.0.0 contentgate.club
0.0.0.0 country-news.live
0.0.0.0 crazyprize.buzz
@ -125,6 +124,7 @@
0.0.0.0 investinfo.net
0.0.0.0 ironprovpn.me
0.0.0.0 isystemupdate.cloud
0.0.0.0 java-forum.org
0.0.0.0 jetsummer.xyz
0.0.0.0 jointingifstrawberry.xyz
0.0.0.0 jojomamanbebe.ie
@ -245,7 +245,6 @@
0.0.0.0 rewards-promotion-winner-super.cyou
0.0.0.0 rewardsluckygiveawayprize.cyou
0.0.0.0 rewardspromotionwinnersuper.cyou
0.0.0.0 robogarden.io
0.0.0.0 runadvanced-bestgreatlyfile.best
0.0.0.0 rungreatly-bestadvancedfile.best
0.0.0.0 runnewest-bestextremelyfile.best
@ -357,7 +356,6 @@
0.0.0.0 worldwideofficialrewardssuper.cyou
0.0.0.0 worldwideprizegiveawayfree.cyou
0.0.0.0 yifymovies.cam
0.0.0.0 yourlegendaryplaceupgrading.work
0.0.0.0 yourlegendarysystemsupgrade.work
0.0.0.0 yourlinkplaceupdatingfree.work
0.0.0.0 yourmoneymachine.cc

10
dist/pup-filter-rpz.conf vendored
View File

@ -1,24 +1,24 @@
; Title: PUP Domains RPZ Blocklist
; Description: Block domains that host potentially unwanted programs (PUP)
; Updated: Mon, 13 Sep 2021 12:03:07 +0000
; Updated: Tue, 14 Sep 2021 00:02:51 +0000
; Expires: 1 day (update frequency)
; Homepage: https://gitlab.com/curben/pup-filter
; License: https://gitlab.com/curben/pup-filter#license
; Source: https://github.com/zhouhanc/malware-discoverer
$TTL 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1631534587 86400 3600 604800 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1631577771 86400 3600 604800 30
NS localhost.
2021travel.net CNAME .
4upgradingstablesafe.work CNAME .
affiliateland.io CNAME .
aikoo.club CNAME .
amobil.online CNAME .
appzfirer.biz CNAME .
armorprovpn.me CNAME .
atprofessor.fun CNAME .
atwater.org CNAME .
auto-car-search.site CNAME .
be-5hdo32xes-ok.live CNAME .
be-n9lnns3n-ok.live CNAME .
be-us-exercise-bikes-ok.live CNAME .
@ -51,7 +51,6 @@ connecttheupgradingurls.work CNAME .
consumerprotectioncybersecurity.org CNAME .
contentamigo.ru CNAME .
contentarea.ru CNAME .
contentgate.cam CNAME .
contentgate.club CNAME .
country-news.live CNAME .
crazyprize.buzz CNAME .
@ -130,6 +129,7 @@ intelectaction.ru CNAME .
investinfo.net CNAME .
ironprovpn.me CNAME .
isystemupdate.cloud CNAME .
java-forum.org CNAME .
jetsummer.xyz CNAME .
jointingifstrawberry.xyz CNAME .
jojomamanbebe.ie CNAME .
@ -250,7 +250,6 @@ randomprizebigwinofficial.cyou CNAME .
rewards-promotion-winner-super.cyou CNAME .
rewardsluckygiveawayprize.cyou CNAME .
rewardspromotionwinnersuper.cyou CNAME .
robogarden.io CNAME .
runadvanced-bestgreatlyfile.best CNAME .
rungreatly-bestadvancedfile.best CNAME .
runnewest-bestextremelyfile.best CNAME .
@ -362,7 +361,6 @@ worldwideofficialpromotion.cyou CNAME .
worldwideofficialrewardssuper.cyou CNAME .
worldwideprizegiveawayfree.cyou CNAME .
yifymovies.cam CNAME .
yourlegendaryplaceupgrading.work CNAME .
yourlegendarysystemsupgrade.work CNAME .
yourlinkplaceupdatingfree.work CNAME .
yourmoneymachine.cc CNAME .

402
dist/pup-filter-snort2.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort2 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"4upgradingstablesafe.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000002; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"affiliateland.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000003; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"aikoo.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000004; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"amobil.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"armorprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atprofessor.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atwater.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"appzfirer.biz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000005; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"armorprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000006; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atprofessor.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000007; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"atwater.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000008; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"auto-car-search.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000009; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-5hdo32xes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000010; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-n9lnns3n-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000011; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"be-us-exercise-bikes-ok.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000012; rev:1;)
@ -46,85 +46,85 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"consumerprotectioncybersecurity.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000039; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentamigo.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000040; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentarea.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000041; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptotilt.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyboard.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyrep.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"defensepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"delightcmain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"desixxx.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000055; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dollarsurvey365.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000056; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dollarsurvey365.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000057; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"earlyprogress.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000058; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"efladn.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000059; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"elpelades.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000060; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"extrasafe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000061; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fast-app.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000062; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastfactsonline.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000063; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastmapc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000064; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspinc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000065; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspota.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000066; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspotb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000067; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastwebb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000068; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findaupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000069; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"finditquick.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000070; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findoffers.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000071; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findwith.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000072; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fireapps.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fisudauh.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flash-rewards.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.uno"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"freenationalsuperworldwide.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"freewareappsstreamfast-best.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"freewareappsstreamfastall.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funanime.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funny-media.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"get-your-score.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getbril.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getmoregirls.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gettheraiceheadreliefhat.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladplacespin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladspaceplane.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.bar"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"googsistem.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gramp.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hailso.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpages.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"httqzq.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypezen.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incrediblebuzz.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000115; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installcompletely-theoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000116; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"intelectaction.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000117; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"investinfo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000118; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000119; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"isystemupdate.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000120; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"contentgate.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000042; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"country-news.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000043; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"crazyprize.buzz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000044; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"credit-monitoring-360.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000045; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"cryptotilt.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000046; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyboard.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000047; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dailyrep.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000048; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000049; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000050; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dealmedia.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000051; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"defensepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000052; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"delightcmain.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000053; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"desixxx.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000054; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dollarsurvey365.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000055; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"dollarsurvey365.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000056; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"earlyprogress.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000057; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"efladn.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000058; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"elpelades.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000059; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"extrasafe.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000060; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fast-app.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000061; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastfactsonline.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000062; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastmapc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000063; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspinc.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000064; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspota.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000065; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastspotb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000066; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fastwebb.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000067; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findaupgradingurls.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000068; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"finditquick.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000069; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findoffers.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000070; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"findwith.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000071; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fireapps.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000072; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"fisudauh.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000073; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flash-rewards.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000074; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000075; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000076; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000077; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000078; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"flymedia.uno"; content:"Host"; http_header; classtype:web-application-activity; sid:300000079; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"freenationalsuperworldwide.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000080; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"freewareappsstreamfast-best.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000081; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"freewareappsstreamfastall.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000082; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funanime.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000083; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000084; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funny-media.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000085; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"funspine.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000086; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"genertellife.it"; content:"Host"; http_header; classtype:web-application-activity; sid:300000087; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"get-your-score.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000088; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getbril.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000089; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"getmoregirls.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000090; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gettheraiceheadreliefhat.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000091; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"girlsnearyou.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000092; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladmstreet.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000093; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladplacespin.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000094; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gladspaceplane.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000095; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"global-track.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000096; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.bar"; content:"Host"; http_header; classtype:web-application-activity; sid:300000097; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000098; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000099; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"goalmedia.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000100; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"golddellifewonder.rest"; content:"Host"; http_header; classtype:web-application-activity; sid:300000101; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gonesteeldouble.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000102; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"googsistem.live"; content:"Host"; http_header; classtype:web-application-activity; sid:300000103; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"gramp.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000104; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"grandencryptions.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000105; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hailso.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000106; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"healthylives.today"; content:"Host"; http_header; classtype:web-application-activity; sid:300000107; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"heatwavereporter.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000108; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"help4.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000109; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hpages.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000110; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"httqzq.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000111; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"hypezen.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000112; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"imagefind.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000113; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"incrediblebuzz.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000114; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"installcompletely-theoriginalfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000115; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"intelectaction.ru"; content:"Host"; http_header; classtype:web-application-activity; sid:300000116; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"investinfo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000117; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ironprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000118; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"isystemupdate.cloud"; content:"Host"; http_header; classtype:web-application-activity; sid:300000119; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"java-forum.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000120; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jetsummer.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000121; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jointingifstrawberry.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000122; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"jojomamanbebe.ie"; content:"Host"; http_header; classtype:web-application-activity; sid:300000123; rev:1;)
@ -245,120 +245,118 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewards-promotion-winner-super.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000238; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardsluckygiveawayprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000239; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardspromotionwinnersuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000240; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scoopswoop.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sorrectionki.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestnewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamfree-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselysophisticatedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamoverly-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streampreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamprogressive-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamquick-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrenewed-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamspeedyintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamstrong-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamuber-bestspeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamuber-bestswiftfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sudoo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"summermedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-notify.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccurrentmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatestintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmostprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestuberthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrecentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncubercurrentfiles.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdatit.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tackis.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technoblogs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technologypartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thecryptozone.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theirproviderock.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timeoffers.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"toolvpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"top-offers2.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tracking-landers.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trackingsys.tech"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trafficmind.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trane.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tripleprofit-zone.life"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustappstreamsall.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ubertech.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitehealth.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatefix.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplaysite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"useprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usevpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnprosecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnsecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnservice.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchextremely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchgreatly-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchgreatly-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchlatest-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchquick-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchrefined-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-security.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerbigwingiveawaysuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worivo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-national-claim-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-prize-giveaway-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideluckypromotionfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwidenationalclaimfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialrewardssuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideprizegiveawayfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yifymovies.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendaryplaceupgrading.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000241; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rungreatly-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000242; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000243; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000244; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scoopswoop.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000245; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000246; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupgradeset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000247; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4upgradingset.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000248; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchmgr.online"; content:"Host"; http_header; classtype:web-application-activity; sid:300000249; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000250; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000251; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000252; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000253; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopin.nyc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000254; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000255; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000256; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartideas.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000257; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sorrectionki.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000258; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000259; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000260; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000261; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000262; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000263; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000264; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000265; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000266; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000267; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdevelopedintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000268; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000269; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamextremely-bestnewestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000270; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamfree-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000271; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000272; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000273; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000274; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintensely-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000275; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselyrefinedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000276; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamintenselysophisticatedthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000277; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000278; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamlatest-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000279; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000280; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamoverly-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000281; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streampreciseintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000282; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamprogressive-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000283; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamquick-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000284; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000285; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrecent-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000286; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamrenewed-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000287; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamspeedyintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000288; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamstrong-bestuberfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000289; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamuber-bestspeedyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000290; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamuber-bestswiftfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000291; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"subeamy.pw"; content:"Host"; http_header; classtype:web-application-activity; sid:300000292; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sudoo.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000293; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"summermedia.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000294; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"superpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000295; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"support-notify.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000296; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synccurrentmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000297; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"synclatestintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000298; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncmostprecisethefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000299; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestmostthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000300; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncnewestuberthefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000301; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncrecentintenselythefile.vip"; content:"Host"; http_header; classtype:web-application-activity; sid:300000302; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"syncubercurrentfiles.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000303; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdateme.solutions"; content:"Host"; http_header; classtype:web-application-activity; sid:300000304; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"systemupdatit.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000305; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tackis.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000306; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technoblogs.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000307; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"technologypartners.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000308; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thecryptozone.website"; content:"Host"; http_header; classtype:web-application-activity; sid:300000309; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"theirproviderock.top"; content:"Host"; http_header; classtype:web-application-activity; sid:300000310; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"thelastpicture.show"; content:"Host"; http_header; classtype:web-application-activity; sid:300000311; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"timeoffers.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000312; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"toolvpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000313; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"top-offers2.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tracking-landers.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trackingsys.tech"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trafficmind.pro"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trane.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"tripleprofit-zone.life"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"trustappstreamsall.digital"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ubertech.shop"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"unitehealth.club"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"updatefix.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"upplaysite.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usepro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"useprovpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"usevpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnprosecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnsecurity.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"vpnservice.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchadvanced-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchextremely-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchgreatly-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchgreatly-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchlatest-bestgreatlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchquick-bestheavilyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"watchrefined-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"web-security.ml"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"webtactics.ca"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerbigwingiveawaysuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"winnerz.site"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worivo.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-national-claim-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwide-prize-giveaway-free.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideluckypromotionfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwidenationalclaimfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialpromotion.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideofficialrewardssuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"worldwideprizegiveawayfree.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yifymovies.cam"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlegendarysystemsupgrade.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourlinkplaceupdatingfree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yourmoneymachine.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"yoursafestgreatplaceupdates.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)

402
dist/pup-filter-snort3.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort3 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"4upgradingstablesafe.work",nocase; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"affiliateland.io",nocase; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"aikoo.club",nocase; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"amobil.online",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"armorprovpn.me",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atprofessor.fun",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atwater.org",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"appzfirer.biz",nocase; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"armorprovpn.me",nocase; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atprofessor.fun",nocase; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"atwater.org",nocase; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"auto-car-search.site",nocase; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-5hdo32xes-ok.live",nocase; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-n9lnns3n-ok.live",nocase; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"be-us-exercise-bikes-ok.live",nocase; classtype:web-application-activity; sid:300000012; rev:1;)
@ -46,85 +46,85 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"consumerprotectioncybersecurity.org",nocase; classtype:web-application-activity; sid:300000039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentamigo.ru",nocase; classtype:web-application-activity; sid:300000040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentarea.ru",nocase; classtype:web-application-activity; sid:300000041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.cam",nocase; classtype:web-application-activity; sid:300000042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.club",nocase; classtype:web-application-activity; sid:300000043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cryptotilt.club",nocase; classtype:web-application-activity; sid:300000047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyboard.org",nocase; classtype:web-application-activity; sid:300000048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyrep.net",nocase; classtype:web-application-activity; sid:300000049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.club",nocase; classtype:web-application-activity; sid:300000050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.website",nocase; classtype:web-application-activity; sid:300000051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.xyz",nocase; classtype:web-application-activity; sid:300000052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"defensepro.me",nocase; classtype:web-application-activity; sid:300000053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"delightcmain.xyz",nocase; classtype:web-application-activity; sid:300000054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"desixxx.cloud",nocase; classtype:web-application-activity; sid:300000055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dollarsurvey365.online",nocase; classtype:web-application-activity; sid:300000056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dollarsurvey365.org",nocase; classtype:web-application-activity; sid:300000057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"earlyprogress.info",nocase; classtype:web-application-activity; sid:300000058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"efladn.club",nocase; classtype:web-application-activity; sid:300000059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"elpelades.club",nocase; classtype:web-application-activity; sid:300000060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"extrasafe.xyz",nocase; classtype:web-application-activity; sid:300000061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fast-app.xyz",nocase; classtype:web-application-activity; sid:300000062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastfactsonline.co",nocase; classtype:web-application-activity; sid:300000063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastmapc.xyz",nocase; classtype:web-application-activity; sid:300000064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspinc.xyz",nocase; classtype:web-application-activity; sid:300000065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspota.xyz",nocase; classtype:web-application-activity; sid:300000066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspotb.xyz",nocase; classtype:web-application-activity; sid:300000067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastwebb.xyz",nocase; classtype:web-application-activity; sid:300000068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findaupgradingurls.work",nocase; classtype:web-application-activity; sid:300000069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"finditquick.online",nocase; classtype:web-application-activity; sid:300000070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findoffers.co",nocase; classtype:web-application-activity; sid:300000071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findwith.me",nocase; classtype:web-application-activity; sid:300000072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fireapps.cloud",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fisudauh.top",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flash-rewards.info",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.cam",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.club",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.fun",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.online",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.uno",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"freenationalsuperworldwide.cyou",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"freewareappsstreamfast-best.digital",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"freewareappsstreamfastall.digital",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funanime.me",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funmapd.xyz",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funny-media.ru",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"get-your-score.club",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getbril.io",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getmoregirls.net",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gettheraiceheadreliefhat.io",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladplacespin.xyz",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladspaceplane.xyz",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.bar",nocase; classtype:web-application-activity; sid:300000098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.cam",nocase; classtype:web-application-activity; sid:300000099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.club",nocase; classtype:web-application-activity; sid:300000100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.monster",nocase; classtype:web-application-activity; sid:300000101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"googsistem.live",nocase; classtype:web-application-activity; sid:300000104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gramp.xyz",nocase; classtype:web-application-activity; sid:300000105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hailso.xyz",nocase; classtype:web-application-activity; sid:300000107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hpages.net",nocase; classtype:web-application-activity; sid:300000111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"httqzq.vip",nocase; classtype:web-application-activity; sid:300000112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hypezen.info",nocase; classtype:web-application-activity; sid:300000113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incrediblebuzz.info",nocase; classtype:web-application-activity; sid:300000115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installcompletely-theoriginalfile.best",nocase; classtype:web-application-activity; sid:300000116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"intelectaction.ru",nocase; classtype:web-application-activity; sid:300000117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"investinfo.net",nocase; classtype:web-application-activity; sid:300000118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ironprovpn.me",nocase; classtype:web-application-activity; sid:300000119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"isystemupdate.cloud",nocase; classtype:web-application-activity; sid:300000120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"contentgate.club",nocase; classtype:web-application-activity; sid:300000042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"country-news.live",nocase; classtype:web-application-activity; sid:300000043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"crazyprize.buzz",nocase; classtype:web-application-activity; sid:300000044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"credit-monitoring-360.xyz",nocase; classtype:web-application-activity; sid:300000045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"cryptotilt.club",nocase; classtype:web-application-activity; sid:300000046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyboard.org",nocase; classtype:web-application-activity; sid:300000047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dailyrep.net",nocase; classtype:web-application-activity; sid:300000048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.club",nocase; classtype:web-application-activity; sid:300000049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.website",nocase; classtype:web-application-activity; sid:300000050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dealmedia.xyz",nocase; classtype:web-application-activity; sid:300000051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"defensepro.me",nocase; classtype:web-application-activity; sid:300000052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"delightcmain.xyz",nocase; classtype:web-application-activity; sid:300000053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"desixxx.cloud",nocase; classtype:web-application-activity; sid:300000054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dollarsurvey365.online",nocase; classtype:web-application-activity; sid:300000055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"dollarsurvey365.org",nocase; classtype:web-application-activity; sid:300000056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"earlyprogress.info",nocase; classtype:web-application-activity; sid:300000057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"efladn.club",nocase; classtype:web-application-activity; sid:300000058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"elpelades.club",nocase; classtype:web-application-activity; sid:300000059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"extrasafe.xyz",nocase; classtype:web-application-activity; sid:300000060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fast-app.xyz",nocase; classtype:web-application-activity; sid:300000061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastfactsonline.co",nocase; classtype:web-application-activity; sid:300000062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastmapc.xyz",nocase; classtype:web-application-activity; sid:300000063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspinc.xyz",nocase; classtype:web-application-activity; sid:300000064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspota.xyz",nocase; classtype:web-application-activity; sid:300000065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastspotb.xyz",nocase; classtype:web-application-activity; sid:300000066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fastwebb.xyz",nocase; classtype:web-application-activity; sid:300000067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findaupgradingurls.work",nocase; classtype:web-application-activity; sid:300000068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"finditquick.online",nocase; classtype:web-application-activity; sid:300000069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findoffers.co",nocase; classtype:web-application-activity; sid:300000070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"findwith.me",nocase; classtype:web-application-activity; sid:300000071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fireapps.cloud",nocase; classtype:web-application-activity; sid:300000072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"fisudauh.top",nocase; classtype:web-application-activity; sid:300000073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flash-rewards.info",nocase; classtype:web-application-activity; sid:300000074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.cam",nocase; classtype:web-application-activity; sid:300000075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.club",nocase; classtype:web-application-activity; sid:300000076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.fun",nocase; classtype:web-application-activity; sid:300000077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.online",nocase; classtype:web-application-activity; sid:300000078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"flymedia.uno",nocase; classtype:web-application-activity; sid:300000079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"freenationalsuperworldwide.cyou",nocase; classtype:web-application-activity; sid:300000080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"freewareappsstreamfast-best.digital",nocase; classtype:web-application-activity; sid:300000081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"freewareappsstreamfastall.digital",nocase; classtype:web-application-activity; sid:300000082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funanime.me",nocase; classtype:web-application-activity; sid:300000083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funmapd.xyz",nocase; classtype:web-application-activity; sid:300000084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funny-media.ru",nocase; classtype:web-application-activity; sid:300000085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"funspine.xyz",nocase; classtype:web-application-activity; sid:300000086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"genertellife.it",nocase; classtype:web-application-activity; sid:300000087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"get-your-score.club",nocase; classtype:web-application-activity; sid:300000088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getbril.io",nocase; classtype:web-application-activity; sid:300000089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"getmoregirls.net",nocase; classtype:web-application-activity; sid:300000090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gettheraiceheadreliefhat.io",nocase; classtype:web-application-activity; sid:300000091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"girlsnearyou.online",nocase; classtype:web-application-activity; sid:300000092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladmstreet.xyz",nocase; classtype:web-application-activity; sid:300000093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladplacespin.xyz",nocase; classtype:web-application-activity; sid:300000094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gladspaceplane.xyz",nocase; classtype:web-application-activity; sid:300000095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"global-track.space",nocase; classtype:web-application-activity; sid:300000096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.bar",nocase; classtype:web-application-activity; sid:300000097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.cam",nocase; classtype:web-application-activity; sid:300000098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.club",nocase; classtype:web-application-activity; sid:300000099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"goalmedia.monster",nocase; classtype:web-application-activity; sid:300000100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"golddellifewonder.rest",nocase; classtype:web-application-activity; sid:300000101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gonesteeldouble.top",nocase; classtype:web-application-activity; sid:300000102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"googsistem.live",nocase; classtype:web-application-activity; sid:300000103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"gramp.xyz",nocase; classtype:web-application-activity; sid:300000104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"grandencryptions.me",nocase; classtype:web-application-activity; sid:300000105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hailso.xyz",nocase; classtype:web-application-activity; sid:300000106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"healthylives.today",nocase; classtype:web-application-activity; sid:300000107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"heatwavereporter.org",nocase; classtype:web-application-activity; sid:300000108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"help4.info",nocase; classtype:web-application-activity; sid:300000109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hpages.net",nocase; classtype:web-application-activity; sid:300000110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"httqzq.vip",nocase; classtype:web-application-activity; sid:300000111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"hypezen.info",nocase; classtype:web-application-activity; sid:300000112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"imagefind.org",nocase; classtype:web-application-activity; sid:300000113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"incrediblebuzz.info",nocase; classtype:web-application-activity; sid:300000114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"installcompletely-theoriginalfile.best",nocase; classtype:web-application-activity; sid:300000115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"intelectaction.ru",nocase; classtype:web-application-activity; sid:300000116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"investinfo.net",nocase; classtype:web-application-activity; sid:300000117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ironprovpn.me",nocase; classtype:web-application-activity; sid:300000118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"isystemupdate.cloud",nocase; classtype:web-application-activity; sid:300000119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"java-forum.org",nocase; classtype:web-application-activity; sid:300000120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jetsummer.xyz",nocase; classtype:web-application-activity; sid:300000121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jointingifstrawberry.xyz",nocase; classtype:web-application-activity; sid:300000122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"jojomamanbebe.ie",nocase; classtype:web-application-activity; sid:300000123; rev:1;)
@ -245,120 +245,118 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewards-promotion-winner-super.cyou",nocase; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardsluckygiveawayprize.cyou",nocase; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardspromotionwinnersuper.cyou",nocase; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scoopswoop.info",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sorrectionki.space",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestnewestfile.best",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamfree-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselysophisticatedthefile.vip",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamoverly-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streampreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamprogressive-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamquick-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrenewed-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamspeedyintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamstrong-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamuber-bestspeedyfile.best",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamuber-bestswiftfile.best",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sudoo.net",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"summermedia.club",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superpromotion.cyou",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"support-notify.space",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccurrentmostthefile.vip",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatestintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncmostprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestmostthefile.vip",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestuberthefile.vip",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrecentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncubercurrentfiles.best",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdatit.club",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tackis.xyz",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technoblogs.net",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technologypartners.net",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thecryptozone.website",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theirproviderock.top",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timeoffers.net",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"toolvpn.me",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"top-offers2.club",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tracking-landers.xyz",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trackingsys.tech",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trafficmind.pro",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trane.fun",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tripleprofit-zone.life",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trustappstreamsall.digital",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ubertech.shop",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"unitehealth.club",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatefix.xyz",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplaysite.xyz",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usepro.me",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"useprovpn.me",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usevpnpro.me",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnprosecurity.me",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnsecurity.me",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnservice.me",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchextremely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchgreatly-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchgreatly-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchlatest-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchquick-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchrefined-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"web-security.ml",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerbigwingiveawaysuper.cyou",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.site",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worivo.info",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-national-claim-free.cyou",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-prize-giveaway-free.cyou",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideluckypromotionfree.cyou",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwidenationalclaimfree.cyou",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialrewardssuper.cyou",nocase; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideprizegiveawayfree.cyou",nocase; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yifymovies.cam",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendaryplaceupgrading.work",nocase; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rungreatly-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scoopswoop.info",nocase; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupgradeset.info",nocase; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4upgradingset.info",nocase; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchmgr.online",nocase; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopin.nyc",nocase; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartideas.pro",nocase; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sorrectionki.space",nocase; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapf.xyz",nocase; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdevelopedintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamextremely-bestnewestfile.best",nocase; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamfree-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintensely-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselyrefinedthefile.vip",nocase; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamintenselysophisticatedthefile.vip",nocase; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamlatest-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamoverly-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streampreciseintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamprogressive-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamquick-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrecent-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamrenewed-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamspeedyintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamstrong-bestuberfile.best",nocase; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamuber-bestspeedyfile.best",nocase; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamuber-bestswiftfile.best",nocase; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"subeamy.pw",nocase; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sudoo.net",nocase; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"summermedia.club",nocase; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"superpromotion.cyou",nocase; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"support-notify.space",nocase; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synccurrentmostthefile.vip",nocase; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"synclatestintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncmostprecisethefile.vip",nocase; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestmostthefile.vip",nocase; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncnewestuberthefile.vip",nocase; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncrecentintenselythefile.vip",nocase; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"syncubercurrentfiles.best",nocase; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdateme.solutions",nocase; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"systemupdatit.club",nocase; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tackis.xyz",nocase; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technoblogs.net",nocase; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"technologypartners.net",nocase; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thecryptozone.website",nocase; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"theirproviderock.top",nocase; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"thelastpicture.show",nocase; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"timeoffers.net",nocase; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"toolvpn.me",nocase; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"top-offers2.club",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tracking-landers.xyz",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trackingsys.tech",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trafficmind.pro",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trane.fun",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"tripleprofit-zone.life",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"trustappstreamsall.digital",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ubertech.shop",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"unitehealth.club",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"updatefix.xyz",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"upplaysite.xyz",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usepro.me",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"useprovpn.me",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"usevpnpro.me",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnprosecurity.me",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnsecurity.me",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"vpnservice.me",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchadvanced-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchextremely-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchgreatly-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchgreatly-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchlatest-bestgreatlyfile.best",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchquick-bestheavilyfile.best",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"watchrefined-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"web-security.ml",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"webtactics.ca",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerbigwingiveawaysuper.cyou",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"winnerz.site",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worivo.info",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-national-claim-free.cyou",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwide-prize-giveaway-free.cyou",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideluckypromotionfree.cyou",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwidenationalclaimfree.cyou",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialpromotion.cyou",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideofficialrewardssuper.cyou",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"worldwideprizegiveawayfree.cyou",nocase; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yifymovies.cam",nocase; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlegendarysystemsupgrade.work",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourlinkplaceupdatingfree.work",nocase; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yourmoneymachine.cc",nocase; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"yoursafestgreatplaceupdates.work",nocase; classtype:web-application-activity; sid:300000355; rev:1;)

402
dist/pup-filter-suricata.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Suricata Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4upgradingstablesafe.work"; classtype:web-application-activity; sid:300000002; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"affiliateland.io"; classtype:web-application-activity; sid:300000003; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"aikoo.club"; classtype:web-application-activity; sid:300000004; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amobil.online"; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"armorprovpn.me"; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atprofessor.fun"; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atwater.org"; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"appzfirer.biz"; classtype:web-application-activity; sid:300000005; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"armorprovpn.me"; classtype:web-application-activity; sid:300000006; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atprofessor.fun"; classtype:web-application-activity; sid:300000007; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"atwater.org"; classtype:web-application-activity; sid:300000008; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-car-search.site"; classtype:web-application-activity; sid:300000009; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-5hdo32xes-ok.live"; classtype:web-application-activity; sid:300000010; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-n9lnns3n-ok.live"; classtype:web-application-activity; sid:300000011; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"be-us-exercise-bikes-ok.live"; classtype:web-application-activity; sid:300000012; rev:1;)
@ -46,85 +46,85 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"consumerprotectioncybersecurity.org"; classtype:web-application-activity; sid:300000039; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentamigo.ru"; classtype:web-application-activity; sid:300000040; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentarea.ru"; classtype:web-application-activity; sid:300000041; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.cam"; classtype:web-application-activity; sid:300000042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.club"; classtype:web-application-activity; sid:300000043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptotilt.club"; classtype:web-application-activity; sid:300000047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyboard.org"; classtype:web-application-activity; sid:300000048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyrep.net"; classtype:web-application-activity; sid:300000049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.club"; classtype:web-application-activity; sid:300000050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.website"; classtype:web-application-activity; sid:300000051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.xyz"; classtype:web-application-activity; sid:300000052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"defensepro.me"; classtype:web-application-activity; sid:300000053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delightcmain.xyz"; classtype:web-application-activity; sid:300000054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desixxx.cloud"; classtype:web-application-activity; sid:300000055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dollarsurvey365.online"; classtype:web-application-activity; sid:300000056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dollarsurvey365.org"; classtype:web-application-activity; sid:300000057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"earlyprogress.info"; classtype:web-application-activity; sid:300000058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efladn.club"; classtype:web-application-activity; sid:300000059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpelades.club"; classtype:web-application-activity; sid:300000060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"extrasafe.xyz"; classtype:web-application-activity; sid:300000061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fast-app.xyz"; classtype:web-application-activity; sid:300000062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastfactsonline.co"; classtype:web-application-activity; sid:300000063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastmapc.xyz"; classtype:web-application-activity; sid:300000064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspinc.xyz"; classtype:web-application-activity; sid:300000065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspota.xyz"; classtype:web-application-activity; sid:300000066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspotb.xyz"; classtype:web-application-activity; sid:300000067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastwebb.xyz"; classtype:web-application-activity; sid:300000068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findaupgradingurls.work"; classtype:web-application-activity; sid:300000069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finditquick.online"; classtype:web-application-activity; sid:300000070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findoffers.co"; classtype:web-application-activity; sid:300000071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findwith.me"; classtype:web-application-activity; sid:300000072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fireapps.cloud"; classtype:web-application-activity; sid:300000073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fisudauh.top"; classtype:web-application-activity; sid:300000074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flash-rewards.info"; classtype:web-application-activity; sid:300000075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.cam"; classtype:web-application-activity; sid:300000076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.club"; classtype:web-application-activity; sid:300000077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.fun"; classtype:web-application-activity; sid:300000078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.online"; classtype:web-application-activity; sid:300000079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.uno"; classtype:web-application-activity; sid:300000080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freenationalsuperworldwide.cyou"; classtype:web-application-activity; sid:300000081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freewareappsstreamfast-best.digital"; classtype:web-application-activity; sid:300000082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freewareappsstreamfastall.digital"; classtype:web-application-activity; sid:300000083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funanime.me"; classtype:web-application-activity; sid:300000084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funmapd.xyz"; classtype:web-application-activity; sid:300000085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funny-media.ru"; classtype:web-application-activity; sid:300000086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"get-your-score.club"; classtype:web-application-activity; sid:300000089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getbril.io"; classtype:web-application-activity; sid:300000090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getmoregirls.net"; classtype:web-application-activity; sid:300000091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gettheraiceheadreliefhat.io"; classtype:web-application-activity; sid:300000092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladplacespin.xyz"; classtype:web-application-activity; sid:300000095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladspaceplane.xyz"; classtype:web-application-activity; sid:300000096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.bar"; classtype:web-application-activity; sid:300000098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.cam"; classtype:web-application-activity; sid:300000099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.club"; classtype:web-application-activity; sid:300000100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.monster"; classtype:web-application-activity; sid:300000101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"googsistem.live"; classtype:web-application-activity; sid:300000104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gramp.xyz"; classtype:web-application-activity; sid:300000105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hailso.xyz"; classtype:web-application-activity; sid:300000107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpages.net"; classtype:web-application-activity; sid:300000111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httqzq.vip"; classtype:web-application-activity; sid:300000112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypezen.info"; classtype:web-application-activity; sid:300000113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incrediblebuzz.info"; classtype:web-application-activity; sid:300000115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installcompletely-theoriginalfile.best"; classtype:web-application-activity; sid:300000116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intelectaction.ru"; classtype:web-application-activity; sid:300000117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investinfo.net"; classtype:web-application-activity; sid:300000118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironprovpn.me"; classtype:web-application-activity; sid:300000119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isystemupdate.cloud"; classtype:web-application-activity; sid:300000120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"contentgate.club"; classtype:web-application-activity; sid:300000042; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"country-news.live"; classtype:web-application-activity; sid:300000043; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"crazyprize.buzz"; classtype:web-application-activity; sid:300000044; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitoring-360.xyz"; classtype:web-application-activity; sid:300000045; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptotilt.club"; classtype:web-application-activity; sid:300000046; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyboard.org"; classtype:web-application-activity; sid:300000047; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dailyrep.net"; classtype:web-application-activity; sid:300000048; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.club"; classtype:web-application-activity; sid:300000049; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.website"; classtype:web-application-activity; sid:300000050; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dealmedia.xyz"; classtype:web-application-activity; sid:300000051; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"defensepro.me"; classtype:web-application-activity; sid:300000052; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delightcmain.xyz"; classtype:web-application-activity; sid:300000053; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"desixxx.cloud"; classtype:web-application-activity; sid:300000054; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dollarsurvey365.online"; classtype:web-application-activity; sid:300000055; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dollarsurvey365.org"; classtype:web-application-activity; sid:300000056; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"earlyprogress.info"; classtype:web-application-activity; sid:300000057; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"efladn.club"; classtype:web-application-activity; sid:300000058; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"elpelades.club"; classtype:web-application-activity; sid:300000059; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"extrasafe.xyz"; classtype:web-application-activity; sid:300000060; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fast-app.xyz"; classtype:web-application-activity; sid:300000061; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastfactsonline.co"; classtype:web-application-activity; sid:300000062; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastmapc.xyz"; classtype:web-application-activity; sid:300000063; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspinc.xyz"; classtype:web-application-activity; sid:300000064; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspota.xyz"; classtype:web-application-activity; sid:300000065; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspotb.xyz"; classtype:web-application-activity; sid:300000066; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastwebb.xyz"; classtype:web-application-activity; sid:300000067; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findaupgradingurls.work"; classtype:web-application-activity; sid:300000068; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"finditquick.online"; classtype:web-application-activity; sid:300000069; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findoffers.co"; classtype:web-application-activity; sid:300000070; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findwith.me"; classtype:web-application-activity; sid:300000071; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fireapps.cloud"; classtype:web-application-activity; sid:300000072; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fisudauh.top"; classtype:web-application-activity; sid:300000073; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flash-rewards.info"; classtype:web-application-activity; sid:300000074; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.cam"; classtype:web-application-activity; sid:300000075; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.club"; classtype:web-application-activity; sid:300000076; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.fun"; classtype:web-application-activity; sid:300000077; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.online"; classtype:web-application-activity; sid:300000078; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"flymedia.uno"; classtype:web-application-activity; sid:300000079; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freenationalsuperworldwide.cyou"; classtype:web-application-activity; sid:300000080; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freewareappsstreamfast-best.digital"; classtype:web-application-activity; sid:300000081; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freewareappsstreamfastall.digital"; classtype:web-application-activity; sid:300000082; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funanime.me"; classtype:web-application-activity; sid:300000083; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funmapd.xyz"; classtype:web-application-activity; sid:300000084; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funny-media.ru"; classtype:web-application-activity; sid:300000085; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspine.xyz"; classtype:web-application-activity; sid:300000086; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"genertellife.it"; classtype:web-application-activity; sid:300000087; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"get-your-score.club"; classtype:web-application-activity; sid:300000088; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getbril.io"; classtype:web-application-activity; sid:300000089; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getmoregirls.net"; classtype:web-application-activity; sid:300000090; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gettheraiceheadreliefhat.io"; classtype:web-application-activity; sid:300000091; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"girlsnearyou.online"; classtype:web-application-activity; sid:300000092; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladmstreet.xyz"; classtype:web-application-activity; sid:300000093; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladplacespin.xyz"; classtype:web-application-activity; sid:300000094; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladspaceplane.xyz"; classtype:web-application-activity; sid:300000095; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"global-track.space"; classtype:web-application-activity; sid:300000096; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.bar"; classtype:web-application-activity; sid:300000097; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.cam"; classtype:web-application-activity; sid:300000098; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.club"; classtype:web-application-activity; sid:300000099; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"goalmedia.monster"; classtype:web-application-activity; sid:300000100; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"golddellifewonder.rest"; classtype:web-application-activity; sid:300000101; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gonesteeldouble.top"; classtype:web-application-activity; sid:300000102; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"googsistem.live"; classtype:web-application-activity; sid:300000103; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gramp.xyz"; classtype:web-application-activity; sid:300000104; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandencryptions.me"; classtype:web-application-activity; sid:300000105; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hailso.xyz"; classtype:web-application-activity; sid:300000106; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthylives.today"; classtype:web-application-activity; sid:300000107; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"heatwavereporter.org"; classtype:web-application-activity; sid:300000108; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"help4.info"; classtype:web-application-activity; sid:300000109; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hpages.net"; classtype:web-application-activity; sid:300000110; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"httqzq.vip"; classtype:web-application-activity; sid:300000111; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hypezen.info"; classtype:web-application-activity; sid:300000112; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"imagefind.org"; classtype:web-application-activity; sid:300000113; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"incrediblebuzz.info"; classtype:web-application-activity; sid:300000114; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"installcompletely-theoriginalfile.best"; classtype:web-application-activity; sid:300000115; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"intelectaction.ru"; classtype:web-application-activity; sid:300000116; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"investinfo.net"; classtype:web-application-activity; sid:300000117; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ironprovpn.me"; classtype:web-application-activity; sid:300000118; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"isystemupdate.cloud"; classtype:web-application-activity; sid:300000119; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"java-forum.org"; classtype:web-application-activity; sid:300000120; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jetsummer.xyz"; classtype:web-application-activity; sid:300000121; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jointingifstrawberry.xyz"; classtype:web-application-activity; sid:300000122; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jojomamanbebe.ie"; classtype:web-application-activity; sid:300000123; rev:1;)
@ -245,120 +245,118 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewards-promotion-winner-super.cyou"; classtype:web-application-activity; sid:300000238; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardsluckygiveawayprize.cyou"; classtype:web-application-activity; sid:300000239; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardspromotionwinnersuper.cyou"; classtype:web-application-activity; sid:300000240; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scoopswoop.info"; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sorrectionki.space"; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestnewestfile.best"; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamfree-bestmostfile.best"; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestlatestfile.best"; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestquickfile.best"; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselysophisticatedthefile.vip"; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestoverlyfile.best"; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamoverly-bestrenewedfile.best"; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streampreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamprogressive-bestoverlyfile.best"; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamquick-bestmostfile.best"; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestintenselyfile.best"; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestuberfile.best"; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrenewed-bestoverlyfile.best"; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamspeedyintenselythefile.vip"; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamstrong-bestuberfile.best"; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamuber-bestspeedyfile.best"; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamuber-bestswiftfile.best"; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sudoo.net"; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"summermedia.club"; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superpromotion.cyou"; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-notify.space"; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccurrentmostthefile.vip"; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatestintenselythefile.vip"; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmostprecisethefile.vip"; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestmostthefile.vip"; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestuberthefile.vip"; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrecentintenselythefile.vip"; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncubercurrentfiles.best"; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdatit.club"; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tackis.xyz"; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technoblogs.net"; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technologypartners.net"; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thecryptozone.website"; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theirproviderock.top"; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timeoffers.net"; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toolvpn.me"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top-offers2.club"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tracking-landers.xyz"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trackingsys.tech"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficmind.pro"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trane.fun"; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tripleprofit-zone.life"; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustappstreamsall.digital"; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ubertech.shop"; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitehealth.club"; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatefix.xyz"; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplaysite.xyz"; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usepro.me"; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"useprovpn.me"; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usevpnpro.me"; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnprosecurity.me"; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnsecurity.me"; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnservice.me"; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchextremely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchgreatly-bestcurrentfile.best"; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchgreatly-bestlatestfile.best"; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchlatest-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchquick-bestheavilyfile.best"; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchrefined-bestextremelyfile.best"; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-security.ml"; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerbigwingiveawaysuper.cyou"; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.site"; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worivo.info"; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-national-claim-free.cyou"; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-prize-giveaway-free.cyou"; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideluckypromotionfree.cyou"; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwidenationalclaimfree.cyou"; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialrewardssuper.cyou"; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideprizegiveawayfree.cyou"; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yifymovies.cam"; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrading.work"; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000241; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rungreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000242; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000243; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000244; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scoopswoop.info"; classtype:web-application-activity; sid:300000245; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000246; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupgradeset.info"; classtype:web-application-activity; sid:300000247; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4upgradingset.info"; classtype:web-application-activity; sid:300000248; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchmgr.online"; classtype:web-application-activity; sid:300000249; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000250; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000251; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000252; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000253; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopin.nyc"; classtype:web-application-activity; sid:300000254; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000255; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000256; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartideas.pro"; classtype:web-application-activity; sid:300000257; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sorrectionki.space"; classtype:web-application-activity; sid:300000258; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000259; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapf.xyz"; classtype:web-application-activity; sid:300000260; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000261; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000262; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000263; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000264; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000265; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000266; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000267; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdevelopedintenselythefile.vip"; classtype:web-application-activity; sid:300000268; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000269; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamextremely-bestnewestfile.best"; classtype:web-application-activity; sid:300000270; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamfree-bestmostfile.best"; classtype:web-application-activity; sid:300000271; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000272; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000273; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestlatestfile.best"; classtype:web-application-activity; sid:300000274; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintensely-bestquickfile.best"; classtype:web-application-activity; sid:300000275; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselyrefinedthefile.vip"; classtype:web-application-activity; sid:300000276; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamintenselysophisticatedthefile.vip"; classtype:web-application-activity; sid:300000277; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000278; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamlatest-bestoverlyfile.best"; classtype:web-application-activity; sid:300000279; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000280; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamoverly-bestrenewedfile.best"; classtype:web-application-activity; sid:300000281; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streampreciseintenselythefile.vip"; classtype:web-application-activity; sid:300000282; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamprogressive-bestoverlyfile.best"; classtype:web-application-activity; sid:300000283; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamquick-bestmostfile.best"; classtype:web-application-activity; sid:300000284; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestintenselyfile.best"; classtype:web-application-activity; sid:300000285; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrecent-bestuberfile.best"; classtype:web-application-activity; sid:300000286; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamrenewed-bestoverlyfile.best"; classtype:web-application-activity; sid:300000287; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamspeedyintenselythefile.vip"; classtype:web-application-activity; sid:300000288; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamstrong-bestuberfile.best"; classtype:web-application-activity; sid:300000289; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamuber-bestspeedyfile.best"; classtype:web-application-activity; sid:300000290; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamuber-bestswiftfile.best"; classtype:web-application-activity; sid:300000291; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000292; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sudoo.net"; classtype:web-application-activity; sid:300000293; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"summermedia.club"; classtype:web-application-activity; sid:300000294; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superpromotion.cyou"; classtype:web-application-activity; sid:300000295; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"support-notify.space"; classtype:web-application-activity; sid:300000296; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccurrentmostthefile.vip"; classtype:web-application-activity; sid:300000297; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatestintenselythefile.vip"; classtype:web-application-activity; sid:300000298; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncmostprecisethefile.vip"; classtype:web-application-activity; sid:300000299; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestmostthefile.vip"; classtype:web-application-activity; sid:300000300; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncnewestuberthefile.vip"; classtype:web-application-activity; sid:300000301; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrecentintenselythefile.vip"; classtype:web-application-activity; sid:300000302; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncubercurrentfiles.best"; classtype:web-application-activity; sid:300000303; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdateme.solutions"; classtype:web-application-activity; sid:300000304; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"systemupdatit.club"; classtype:web-application-activity; sid:300000305; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tackis.xyz"; classtype:web-application-activity; sid:300000306; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technoblogs.net"; classtype:web-application-activity; sid:300000307; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"technologypartners.net"; classtype:web-application-activity; sid:300000308; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thecryptozone.website"; classtype:web-application-activity; sid:300000309; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theirproviderock.top"; classtype:web-application-activity; sid:300000310; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000311; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"timeoffers.net"; classtype:web-application-activity; sid:300000312; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toolvpn.me"; classtype:web-application-activity; sid:300000313; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"top-offers2.club"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tracking-landers.xyz"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trackingsys.tech"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficmind.pro"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trane.fun"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tripleprofit-zone.life"; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trustappstreamsall.digital"; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ubertech.shop"; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unitehealth.club"; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatefix.xyz"; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplaysite.xyz"; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usepro.me"; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"useprovpn.me"; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"usevpnpro.me"; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnprosecurity.me"; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnsecurity.me"; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnservice.me"; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchadvanced-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchextremely-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchgreatly-bestcurrentfile.best"; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchgreatly-bestlatestfile.best"; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchlatest-bestgreatlyfile.best"; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchquick-bestheavilyfile.best"; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"watchrefined-bestextremelyfile.best"; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"web-security.ml"; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"webtactics.ca"; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerbigwingiveawaysuper.cyou"; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"winnerz.site"; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worivo.info"; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-national-claim-free.cyou"; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwide-prize-giveaway-free.cyou"; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideluckypromotionfree.cyou"; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwidenationalclaimfree.cyou"; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialpromotion.cyou"; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideofficialrewardssuper.cyou"; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"worldwideprizegiveawayfree.cyou"; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yifymovies.cam"; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendarysystemsupgrade.work"; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlinkplaceupdatingfree.work"; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourmoneymachine.cc"; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestgreatplaceupdates.work"; classtype:web-application-activity; sid:300000355; rev:1;)

8
dist/pup-filter-unbound.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Unbound Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@ local-zone: "2021travel.net" always_nxdomain
local-zone: "4upgradingstablesafe.work" always_nxdomain
local-zone: "affiliateland.io" always_nxdomain
local-zone: "aikoo.club" always_nxdomain
local-zone: "amobil.online" always_nxdomain
local-zone: "appzfirer.biz" always_nxdomain
local-zone: "armorprovpn.me" always_nxdomain
local-zone: "atprofessor.fun" always_nxdomain
local-zone: "atwater.org" always_nxdomain
local-zone: "auto-car-search.site" always_nxdomain
local-zone: "be-5hdo32xes-ok.live" always_nxdomain
local-zone: "be-n9lnns3n-ok.live" always_nxdomain
local-zone: "be-us-exercise-bikes-ok.live" always_nxdomain
@ -46,7 +46,6 @@ local-zone: "connecttheupgradingurls.work" always_nxdomain
local-zone: "consumerprotectioncybersecurity.org" always_nxdomain
local-zone: "contentamigo.ru" always_nxdomain
local-zone: "contentarea.ru" always_nxdomain
local-zone: "contentgate.cam" always_nxdomain
local-zone: "contentgate.club" always_nxdomain
local-zone: "country-news.live" always_nxdomain
local-zone: "crazyprize.buzz" always_nxdomain
@ -125,6 +124,7 @@ local-zone: "intelectaction.ru" always_nxdomain
local-zone: "investinfo.net" always_nxdomain
local-zone: "ironprovpn.me" always_nxdomain
local-zone: "isystemupdate.cloud" always_nxdomain
local-zone: "java-forum.org" always_nxdomain
local-zone: "jetsummer.xyz" always_nxdomain
local-zone: "jointingifstrawberry.xyz" always_nxdomain
local-zone: "jojomamanbebe.ie" always_nxdomain
@ -245,7 +245,6 @@ local-zone: "randomprizebigwinofficial.cyou" always_nxdomain
local-zone: "rewards-promotion-winner-super.cyou" always_nxdomain
local-zone: "rewardsluckygiveawayprize.cyou" always_nxdomain
local-zone: "rewardspromotionwinnersuper.cyou" always_nxdomain
local-zone: "robogarden.io" always_nxdomain
local-zone: "runadvanced-bestgreatlyfile.best" always_nxdomain
local-zone: "rungreatly-bestadvancedfile.best" always_nxdomain
local-zone: "runnewest-bestextremelyfile.best" always_nxdomain
@ -357,7 +356,6 @@ local-zone: "worldwideofficialpromotion.cyou" always_nxdomain
local-zone: "worldwideofficialrewardssuper.cyou" always_nxdomain
local-zone: "worldwideprizegiveawayfree.cyou" always_nxdomain
local-zone: "yifymovies.cam" always_nxdomain
local-zone: "yourlegendaryplaceupgrading.work" always_nxdomain
local-zone: "yourlegendarysystemsupgrade.work" always_nxdomain
local-zone: "yourlinkplaceupdatingfree.work" always_nxdomain
local-zone: "yourmoneymachine.cc" always_nxdomain

8
dist/pup-filter-vivaldi.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (Vivaldi)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Mon, 13 Sep 2021 12:03:07 +0000
! Updated: Tue, 14 Sep 2021 00:02:51 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@
||4upgradingstablesafe.work$document
||affiliateland.io$document
||aikoo.club$document
||amobil.online$document
||appzfirer.biz$document
||armorprovpn.me$document
||atprofessor.fun$document
||atwater.org$document
||auto-car-search.site$document
||be-5hdo32xes-ok.live$document
||be-n9lnns3n-ok.live$document
||be-us-exercise-bikes-ok.live$document
@ -46,7 +46,6 @@
||consumerprotectioncybersecurity.org$document
||contentamigo.ru$document
||contentarea.ru$document
||contentgate.cam$document
||contentgate.club$document
||country-news.live$document
||crazyprize.buzz$document
@ -125,6 +124,7 @@
||investinfo.net$document
||ironprovpn.me$document
||isystemupdate.cloud$document
||java-forum.org$document
||jetsummer.xyz$document
||jointingifstrawberry.xyz$document
||jojomamanbebe.ie$document
@ -245,7 +245,6 @@
||rewards-promotion-winner-super.cyou$document
||rewardsluckygiveawayprize.cyou$document
||rewardspromotionwinnersuper.cyou$document
||robogarden.io$document
||runadvanced-bestgreatlyfile.best$document
||rungreatly-bestadvancedfile.best$document
||runnewest-bestextremelyfile.best$document
@ -357,7 +356,6 @@
||worldwideofficialrewardssuper.cyou$document
||worldwideprizegiveawayfree.cyou$document
||yifymovies.cam$document
||yourlegendaryplaceupgrading.work$document
||yourlegendarysystemsupgrade.work$document
||yourlinkplaceupdatingfree.work$document
||yourmoneymachine.cc$document

8
dist/pup-filter.tpl vendored
View File

@ -1,7 +1,7 @@
msFilterList
# Title: PUP Hosts Blocklist (IE)
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Mon, 13 Sep 2021 12:03:07 +0000
# Updated: Tue, 14 Sep 2021 00:02:51 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -12,11 +12,11 @@ msFilterList
-d 4upgradingstablesafe.work
-d affiliateland.io
-d aikoo.club
-d amobil.online
-d appzfirer.biz
-d armorprovpn.me
-d atprofessor.fun
-d atwater.org
-d auto-car-search.site
-d be-5hdo32xes-ok.live
-d be-n9lnns3n-ok.live
-d be-us-exercise-bikes-ok.live
@ -49,7 +49,6 @@ msFilterList
-d consumerprotectioncybersecurity.org
-d contentamigo.ru
-d contentarea.ru
-d contentgate.cam
-d contentgate.club
-d country-news.live
-d crazyprize.buzz
@ -128,6 +127,7 @@ msFilterList
-d investinfo.net
-d ironprovpn.me
-d isystemupdate.cloud
-d java-forum.org
-d jetsummer.xyz
-d jointingifstrawberry.xyz
-d jojomamanbebe.ie
@ -248,7 +248,6 @@ msFilterList
-d rewards-promotion-winner-super.cyou
-d rewardsluckygiveawayprize.cyou
-d rewardspromotionwinnersuper.cyou
-d robogarden.io
-d runadvanced-bestgreatlyfile.best
-d rungreatly-bestadvancedfile.best
-d runnewest-bestextremelyfile.best
@ -360,7 +359,6 @@ msFilterList
-d worldwideofficialrewardssuper.cyou
-d worldwideprizegiveawayfree.cyou
-d yifymovies.cam
-d yourlegendaryplaceupgrading.work
-d yourlegendarysystemsupgrade.work
-d yourlinkplaceupdatingfree.work
-d yourmoneymachine.cc

8
dist/pup-filter.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Mon, 13 Sep 2021 12:03:07 +0000
! Updated: Tue, 14 Sep 2021 00:02:51 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -9,11 +9,11 @@
4upgradingstablesafe.work
affiliateland.io
aikoo.club
amobil.online
appzfirer.biz
armorprovpn.me
atprofessor.fun
atwater.org
auto-car-search.site
be-5hdo32xes-ok.live
be-n9lnns3n-ok.live
be-us-exercise-bikes-ok.live
@ -46,7 +46,6 @@ connecttheupgradingurls.work
consumerprotectioncybersecurity.org
contentamigo.ru
contentarea.ru
contentgate.cam
contentgate.club
country-news.live
crazyprize.buzz
@ -125,6 +124,7 @@ intelectaction.ru
investinfo.net
ironprovpn.me
isystemupdate.cloud
java-forum.org
jetsummer.xyz
jointingifstrawberry.xyz
jojomamanbebe.ie
@ -245,7 +245,6 @@ randomprizebigwinofficial.cyou
rewards-promotion-winner-super.cyou
rewardsluckygiveawayprize.cyou
rewardspromotionwinnersuper.cyou
robogarden.io
runadvanced-bestgreatlyfile.best
rungreatly-bestadvancedfile.best
runnewest-bestextremelyfile.best
@ -357,7 +356,6 @@ worldwideofficialpromotion.cyou
worldwideofficialrewardssuper.cyou
worldwideprizegiveawayfree.cyou
yifymovies.cam
yourlegendaryplaceupgrading.work
yourlegendarysystemsupgrade.work
yourlinkplaceupdatingfree.work
yourmoneymachine.cc