curben
/
pup-filter
mirror of https://gitlab.com/malware-filter/pup-filter.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Filter updated: Sat, 31 Jul 2021 12:03:04 +0000

This commit is contained in:
curben-bot 2021-07-31 12:03:04 +00:00
parent 15ff71d41f
commit f5d6dae88f
15 changed files with 172 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
dist/pup-filter-ag.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Sat, 31 Jul 2021 00:02:56 +0000
! Updated: Sat, 31 Jul 2021 12:03:04 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@
||rewardsluckygiveawayprize.cyou$all
||rewardspromotionwinnersuper.cyou$all
||ritaus.org$all
||robogarden.io$all
||rootessential.info$all
||runadvanced-bestextremelyfile.best$all
||runcurrent-bestextremelyfile.best$all
@ -369,6 +368,7 @@
||startos.win$all
||stay-notified.cc$all
||stickr.co$all
||stogether.fun$all
||streamadvanced-bestcompletelyfile.best$all
||streamadvanced-bestextremelyfile.best$all
||streamdeveloped-bestoverlyfile.best$all

4
dist/pup-filter-agh.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (AdGuard Home)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Sat, 31 Jul 2021 00:02:56 +0000
! Updated: Sat, 31 Jul 2021 12:03:04 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@
||rewardsluckygiveawayprize.cyou^
||rewardspromotionwinnersuper.cyou^
||ritaus.org^
||robogarden.io^
||rootessential.info^
||runadvanced-bestextremelyfile.best^
||runcurrent-bestextremelyfile.best^
@ -369,6 +368,7 @@
||startos.win^
||stay-notified.cc^
||stickr.co^
||stogether.fun^
||streamadvanced-bestcompletelyfile.best^
||streamadvanced-bestextremelyfile.best^
||streamdeveloped-bestoverlyfile.best^

4
dist/pup-filter-bind.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains BIND Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@ zone "rewards-promotion-winner-super.cyou" { type master; notify no; file "null.
zone "rewardsluckygiveawayprize.cyou" { type master; notify no; file "null.zone.file"; };
zone "rewardspromotionwinnersuper.cyou" { type master; notify no; file "null.zone.file"; };
zone "ritaus.org" { type master; notify no; file "null.zone.file"; };
zone "robogarden.io" { type master; notify no; file "null.zone.file"; };
zone "rootessential.info" { type master; notify no; file "null.zone.file"; };
zone "runadvanced-bestextremelyfile.best" { type master; notify no; file "null.zone.file"; };
zone "runcurrent-bestextremelyfile.best" { type master; notify no; file "null.zone.file"; };
@ -369,6 +368,7 @@ zone "start-page.one" { type master; notify no; file "null.zone.file"; };
zone "startos.win" { type master; notify no; file "null.zone.file"; };
zone "stay-notified.cc" { type master; notify no; file "null.zone.file"; };
zone "stickr.co" { type master; notify no; file "null.zone.file"; };
zone "stogether.fun" { type master; notify no; file "null.zone.file"; };
zone "streamadvanced-bestcompletelyfile.best" { type master; notify no; file "null.zone.file"; };
zone "streamadvanced-bestextremelyfile.best" { type master; notify no; file "null.zone.file"; };
zone "streamdeveloped-bestoverlyfile.best" { type master; notify no; file "null.zone.file"; };

4
dist/pup-filter-dnscrypt-blocked-names.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Names Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@ rewards-promotion-winner-super.cyou
rewardsluckygiveawayprize.cyou
rewardspromotionwinnersuper.cyou
ritaus.org
robogarden.io
rootessential.info
runadvanced-bestextremelyfile.best
runcurrent-bestextremelyfile.best
@ -369,6 +368,7 @@ start-page.one
startos.win
stay-notified.cc
stickr.co
stogether.fun
streamadvanced-bestcompletelyfile.best
streamadvanced-bestextremelyfile.best
streamdeveloped-bestoverlyfile.best

4
dist/pup-filter-dnsmasq.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains dnsmasq Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@ address=/rewards-promotion-winner-super.cyou/0.0.0.0
address=/rewardsluckygiveawayprize.cyou/0.0.0.0
address=/rewardspromotionwinnersuper.cyou/0.0.0.0
address=/ritaus.org/0.0.0.0
address=/robogarden.io/0.0.0.0
address=/rootessential.info/0.0.0.0
address=/runadvanced-bestextremelyfile.best/0.0.0.0
address=/runcurrent-bestextremelyfile.best/0.0.0.0
@ -369,6 +368,7 @@ address=/start-page.one/0.0.0.0
address=/startos.win/0.0.0.0
address=/stay-notified.cc/0.0.0.0
address=/stickr.co/0.0.0.0
address=/stogether.fun/0.0.0.0
address=/streamadvanced-bestcompletelyfile.best/0.0.0.0
address=/streamadvanced-bestextremelyfile.best/0.0.0.0
address=/streamdeveloped-bestoverlyfile.best/0.0.0.0

4
dist/pup-filter-domains.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@ rewards-promotion-winner-super.cyou
rewardsluckygiveawayprize.cyou
rewardspromotionwinnersuper.cyou
ritaus.org
robogarden.io
rootessential.info
runadvanced-bestextremelyfile.best
runcurrent-bestextremelyfile.best
@ -369,6 +368,7 @@ start-page.one
startos.win
stay-notified.cc
stickr.co
stogether.fun
streamadvanced-bestcompletelyfile.best
streamadvanced-bestextremelyfile.best
streamdeveloped-bestoverlyfile.best

4
dist/pup-filter-hosts.txt vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Hosts Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@
0.0.0.0 rewardsluckygiveawayprize.cyou
0.0.0.0 rewardspromotionwinnersuper.cyou
0.0.0.0 ritaus.org
0.0.0.0 robogarden.io
0.0.0.0 rootessential.info
0.0.0.0 runadvanced-bestextremelyfile.best
0.0.0.0 runcurrent-bestextremelyfile.best
@ -369,6 +368,7 @@
0.0.0.0 startos.win
0.0.0.0 stay-notified.cc
0.0.0.0 stickr.co
0.0.0.0 stogether.fun
0.0.0.0 streamadvanced-bestcompletelyfile.best
0.0.0.0 streamadvanced-bestextremelyfile.best
0.0.0.0 streamdeveloped-bestoverlyfile.best

6
dist/pup-filter-rpz.conf vendored
View File

@ -1,13 +1,13 @@
; Title: PUP Domains RPZ Blocklist
; Description: Block domains that host potentially unwanted programs (PUP)
; Updated: Sat, 31 Jul 2021 00:02:56 +0000
; Updated: Sat, 31 Jul 2021 12:03:04 +0000
; Expires: 1 day (update frequency)
; Homepage: https://gitlab.com/curben/pup-filter
; License: https://gitlab.com/curben/pup-filter#license
; Source: https://github.com/zhouhanc/malware-discoverer
$TTL 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1627689776 86400 3600 604800 30
@ IN SOA rpz.curben.gitlab.io. hostmaster.rpz.curben.gitlab.io. 1627732984 86400 3600 604800 30
NS localhost.
123news.website CNAME .
@ -326,7 +326,6 @@ rewards-promotion-winner-super.cyou CNAME .
rewardsluckygiveawayprize.cyou CNAME .
rewardspromotionwinnersuper.cyou CNAME .
ritaus.org CNAME .
robogarden.io CNAME .
rootessential.info CNAME .
runadvanced-bestextremelyfile.best CNAME .
runcurrent-bestextremelyfile.best CNAME .
@ -374,6 +373,7 @@ start-page.one CNAME .
startos.win CNAME .
stay-notified.cc CNAME .
stickr.co CNAME .
stogether.fun CNAME .
streamadvanced-bestcompletelyfile.best CNAME .
streamadvanced-bestextremelyfile.best CNAME .
streamdeveloped-bestoverlyfile.best CNAME .

98
dist/pup-filter-snort2.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort2 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,54 +321,54 @@ alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website d
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardsluckygiveawayprize.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000314; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rewardspromotionwinnersuper.cyou"; content:"Host"; http_header; classtype:web-application-activity; sid:300000315; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"ritaus.org"; content:"Host"; http_header; classtype:web-application-activity; sid:300000316; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"robogarden.io"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rootessential.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runcurrent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rundeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runfree-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runintensely-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runlatest-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdate.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdates.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scoopswoop.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"score-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchoffers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seasoned.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alert.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-made-easy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seemlast.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-care.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartys.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sorrectionki.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000358; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000359; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000360; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000361; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000362; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stay-notified.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000363; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000364; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rootessential.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000317; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000318; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runcurrent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000319; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"rundeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000320; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestadvancedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000321; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestcurrentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000322; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestlatestfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000323; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runextremely-bestrecentfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000324; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runfree-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000325; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runintensely-bestrenewedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000326; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runlatest-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000327; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runnewest-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000328; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000329; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoriginal-bestintenselyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000330; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestdevelopedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000331; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestquickfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000332; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runoverly-bestsophisticatedfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000333; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runprogressive-bestmostfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000334; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000335; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"runrecent-besthighlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000336; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdate.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000337; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"safest4placeupdates.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000338; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"savagegrowplus.net"; content:"Host"; http_header; classtype:web-application-activity; sid:300000339; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"scoopswoop.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000340; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"score-monitoring.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000341; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"search4theupdatefree.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000342; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"searchoffers.info"; content:"Host"; http_header; classtype:web-application-activity; sid:300000343; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seasoned.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000344; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alert.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000345; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sec-alerts.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000346; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securitevpn.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000347; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"security-made-easy.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000348; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"securityvpnpro.me"; content:"Host"; http_header; classtype:web-application-activity; sid:300000349; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"seemlast.monster"; content:"Host"; http_header; classtype:web-application-activity; sid:300000350; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sergey-tracks.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000351; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"service-care.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000352; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"settothereliableupgradingnew.work"; content:"Host"; http_header; classtype:web-application-activity; sid:300000353; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"shopnsave.world"; content:"Host"; http_header; classtype:web-application-activity; sid:300000354; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"signupandturnyourscreenoffsafepowernow.date"; content:"Host"; http_header; classtype:web-application-activity; sid:300000355; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"smartys.link"; content:"Host"; http_header; classtype:web-application-activity; sid:300000356; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"sorrectionki.space"; content:"Host"; http_header; classtype:web-application-activity; sid:300000357; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"spotmapd.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000358; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"springplanetf.xyz"; content:"Host"; http_header; classtype:web-application-activity; sid:300000359; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"start-page.one"; content:"Host"; http_header; classtype:web-application-activity; sid:300000360; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"startos.win"; content:"Host"; http_header; classtype:web-application-activity; sid:300000361; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stay-notified.cc"; content:"Host"; http_header; classtype:web-application-activity; sid:300000362; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stickr.co"; content:"Host"; http_header; classtype:web-application-activity; sid:300000363; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"stogether.fun"; content:"Host"; http_header; classtype:web-application-activity; sid:300000364; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestcompletelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000365; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamadvanced-bestextremelyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000366; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET [80,443] (msg:"pup-filter PUP website detected"; flow:established,from_client; content:"GET"; http_method; content:"streamdeveloped-bestoverlyfile.best"; content:"Host"; http_header; classtype:web-application-activity; sid:300000367; rev:1;)

98
dist/pup-filter-snort3.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Snort3 Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,54 +321,54 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardsluckygiveawayprize.cyou",nocase; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rewardspromotionwinnersuper.cyou",nocase; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"ritaus.org",nocase; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"robogarden.io",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rootessential.info",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runcurrent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rundeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runfree-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runintensely-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runlatest-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdate.info",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdates.info",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scoopswoop.info",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"score-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchoffers.info",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seasoned.co",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alert.xyz",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alerts.xyz",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-made-easy.xyz",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seemlast.monster",nocase; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"service-care.space",nocase; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartys.link",nocase; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sorrectionki.space",nocase; classtype:web-application-activity; sid:300000358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stay-notified.cc",nocase; classtype:web-application-activity; sid:300000363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rootessential.info",nocase; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runcurrent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"rundeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestadvancedfile.best",nocase; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestcurrentfile.best",nocase; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestlatestfile.best",nocase; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runextremely-bestrecentfile.best",nocase; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runfree-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runintensely-bestrenewedfile.best",nocase; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runlatest-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runnewest-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoriginal-bestintenselyfile.best",nocase; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestdevelopedfile.best",nocase; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestquickfile.best",nocase; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runoverly-bestsophisticatedfile.best",nocase; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runprogressive-bestmostfile.best",nocase; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"runrecent-besthighlyfile.best",nocase; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdate.info",nocase; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"safest4placeupdates.info",nocase; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"savagegrowplus.net",nocase; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"scoopswoop.info",nocase; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"score-monitoring.xyz",nocase; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"search4theupdatefree.work",nocase; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"searchoffers.info",nocase; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seasoned.co",nocase; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alert.xyz",nocase; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sec-alerts.xyz",nocase; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securitevpn.me",nocase; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"security-made-easy.xyz",nocase; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"securityvpnpro.me",nocase; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"seemlast.monster",nocase; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sergey-tracks.xyz",nocase; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"service-care.space",nocase; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"settothereliableupgradingnew.work",nocase; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"shopnsave.world",nocase; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"signupandturnyourscreenoffsafepowernow.date",nocase; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"smartys.link",nocase; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"sorrectionki.space",nocase; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"spotmapd.xyz",nocase; classtype:web-application-activity; sid:300000358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"springplanetf.xyz",nocase; classtype:web-application-activity; sid:300000359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"start-page.one",nocase; classtype:web-application-activity; sid:300000360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"startos.win",nocase; classtype:web-application-activity; sid:300000361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stay-notified.cc",nocase; classtype:web-application-activity; sid:300000362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stickr.co",nocase; classtype:web-application-activity; sid:300000363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"stogether.fun",nocase; classtype:web-application-activity; sid:300000364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestcompletelyfile.best",nocase; classtype:web-application-activity; sid:300000365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamadvanced-bestextremelyfile.best",nocase; classtype:web-application-activity; sid:300000366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; http_header:field host; content:"streamdeveloped-bestoverlyfile.best",nocase; classtype:web-application-activity; sid:300000367; rev:1;)

98
dist/pup-filter-suricata.rules vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Suricata Ruleset
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,54 +321,54 @@ alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detec
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardsluckygiveawayprize.cyou"; classtype:web-application-activity; sid:300000314; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rewardspromotionwinnersuper.cyou"; classtype:web-application-activity; sid:300000315; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ritaus.org"; classtype:web-application-activity; sid:300000316; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rootessential.info"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runcurrent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rundeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestrecentfile.best"; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runfree-bestoverlyfile.best"; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runintensely-bestrenewedfile.best"; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runlatest-besthighlyfile.best"; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestextremelyfile.best"; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestintenselyfile.best"; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestquickfile.best"; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-besthighlyfile.best"; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdate.info"; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdates.info"; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scoopswoop.info"; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"score-monitoring.xyz"; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchoffers.info"; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seasoned.co"; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alerts.xyz"; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-made-easy.xyz"; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-care.space"; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartys.link"; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sorrectionki.space"; classtype:web-application-activity; sid:300000358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stay-notified.cc"; classtype:web-application-activity; sid:300000363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rootessential.info"; classtype:web-application-activity; sid:300000317; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000318; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runcurrent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000319; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rundeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000320; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000321; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000322; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000323; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestrecentfile.best"; classtype:web-application-activity; sid:300000324; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runfree-bestoverlyfile.best"; classtype:web-application-activity; sid:300000325; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runintensely-bestrenewedfile.best"; classtype:web-application-activity; sid:300000326; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runlatest-besthighlyfile.best"; classtype:web-application-activity; sid:300000327; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000328; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestextremelyfile.best"; classtype:web-application-activity; sid:300000329; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestintenselyfile.best"; classtype:web-application-activity; sid:300000330; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000331; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestquickfile.best"; classtype:web-application-activity; sid:300000332; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000333; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runprogressive-bestmostfile.best"; classtype:web-application-activity; sid:300000334; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000335; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-besthighlyfile.best"; classtype:web-application-activity; sid:300000336; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdate.info"; classtype:web-application-activity; sid:300000337; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdates.info"; classtype:web-application-activity; sid:300000338; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"savagegrowplus.net"; classtype:web-application-activity; sid:300000339; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scoopswoop.info"; classtype:web-application-activity; sid:300000340; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"score-monitoring.xyz"; classtype:web-application-activity; sid:300000341; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search4theupdatefree.work"; classtype:web-application-activity; sid:300000342; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchoffers.info"; classtype:web-application-activity; sid:300000343; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seasoned.co"; classtype:web-application-activity; sid:300000344; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000345; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alerts.xyz"; classtype:web-application-activity; sid:300000346; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securitevpn.me"; classtype:web-application-activity; sid:300000347; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-made-easy.xyz"; classtype:web-application-activity; sid:300000348; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"securityvpnpro.me"; classtype:web-application-activity; sid:300000349; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000350; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sergey-tracks.xyz"; classtype:web-application-activity; sid:300000351; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"service-care.space"; classtype:web-application-activity; sid:300000352; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"settothereliableupgradingnew.work"; classtype:web-application-activity; sid:300000353; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000354; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"signupandturnyourscreenoffsafepowernow.date"; classtype:web-application-activity; sid:300000355; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartys.link"; classtype:web-application-activity; sid:300000356; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sorrectionki.space"; classtype:web-application-activity; sid:300000357; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotmapd.xyz"; classtype:web-application-activity; sid:300000358; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetf.xyz"; classtype:web-application-activity; sid:300000359; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"start-page.one"; classtype:web-application-activity; sid:300000360; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"startos.win"; classtype:web-application-activity; sid:300000361; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stay-notified.cc"; classtype:web-application-activity; sid:300000362; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stickr.co"; classtype:web-application-activity; sid:300000363; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stogether.fun"; classtype:web-application-activity; sid:300000364; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000365; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000366; rev:1;)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"streamdeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000367; rev:1;)

4
dist/pup-filter-unbound.conf vendored
View File

@ -1,6 +1,6 @@
# Title: PUP Domains Unbound Blocklist
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@ local-zone: "rewards-promotion-winner-super.cyou" always_nxdomain
local-zone: "rewardsluckygiveawayprize.cyou" always_nxdomain
local-zone: "rewardspromotionwinnersuper.cyou" always_nxdomain
local-zone: "ritaus.org" always_nxdomain
local-zone: "robogarden.io" always_nxdomain
local-zone: "rootessential.info" always_nxdomain
local-zone: "runadvanced-bestextremelyfile.best" always_nxdomain
local-zone: "runcurrent-bestextremelyfile.best" always_nxdomain
@ -369,6 +368,7 @@ local-zone: "start-page.one" always_nxdomain
local-zone: "startos.win" always_nxdomain
local-zone: "stay-notified.cc" always_nxdomain
local-zone: "stickr.co" always_nxdomain
local-zone: "stogether.fun" always_nxdomain
local-zone: "streamadvanced-bestcompletelyfile.best" always_nxdomain
local-zone: "streamadvanced-bestextremelyfile.best" always_nxdomain
local-zone: "streamdeveloped-bestoverlyfile.best" always_nxdomain

4
dist/pup-filter-vivaldi.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist (Vivaldi)
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Sat, 31 Jul 2021 00:02:56 +0000
! Updated: Sat, 31 Jul 2021 12:03:04 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@
||rewardsluckygiveawayprize.cyou$document
||rewardspromotionwinnersuper.cyou$document
||ritaus.org$document
||robogarden.io$document
||rootessential.info$document
||runadvanced-bestextremelyfile.best$document
||runcurrent-bestextremelyfile.best$document
@ -369,6 +368,7 @@
||startos.win$document
||stay-notified.cc$document
||stickr.co$document
||stogether.fun$document
||streamadvanced-bestcompletelyfile.best$document
||streamadvanced-bestextremelyfile.best$document
||streamdeveloped-bestoverlyfile.best$document

4
dist/pup-filter.tpl vendored
View File

@ -1,7 +1,7 @@
msFilterList
# Title: PUP Hosts Blocklist (IE)
# Description: Block domains that host potentially unwanted programs (PUP)
# Updated: Sat, 31 Jul 2021 00:02:56 +0000
# Updated: Sat, 31 Jul 2021 12:03:04 +0000
# Expires: 1 day (update frequency)
# Homepage: https://gitlab.com/curben/pup-filter
# License: https://gitlab.com/curben/pup-filter#license
@ -324,7 +324,6 @@ msFilterList
-d rewardsluckygiveawayprize.cyou
-d rewardspromotionwinnersuper.cyou
-d ritaus.org
-d robogarden.io
-d rootessential.info
-d runadvanced-bestextremelyfile.best
-d runcurrent-bestextremelyfile.best
@ -372,6 +371,7 @@ msFilterList
-d startos.win
-d stay-notified.cc
-d stickr.co
-d stogether.fun
-d streamadvanced-bestcompletelyfile.best
-d streamadvanced-bestextremelyfile.best
-d streamdeveloped-bestoverlyfile.best

4
dist/pup-filter.txt vendored
View File

@ -1,6 +1,6 @@
! Title: PUP Domains Blocklist
! Description: Block domains that host potentially unwanted programs (PUP)
! Updated: Sat, 31 Jul 2021 00:02:56 +0000
! Updated: Sat, 31 Jul 2021 12:03:04 +0000
! Expires: 1 day (update frequency)
! Homepage: https://gitlab.com/curben/pup-filter
! License: https://gitlab.com/curben/pup-filter#license
@ -321,7 +321,6 @@ rewards-promotion-winner-super.cyou
rewardsluckygiveawayprize.cyou
rewardspromotionwinnersuper.cyou
ritaus.org
robogarden.io
rootessential.info
runadvanced-bestextremelyfile.best
runcurrent-bestextremelyfile.best
@ -369,6 +368,7 @@ start-page.one
startos.win
stay-notified.cc
stickr.co
stogether.fun
streamadvanced-bestcompletelyfile.best
streamadvanced-bestextremelyfile.best
streamdeveloped-bestoverlyfile.best