472 lines
112 KiB
Plaintext
472 lines
112 KiB
Plaintext
# Title: PUP Domains Suricata Ruleset
|
|
# Updated: Wed, 31 Mar 2021 10:44:46 +0000
|
|
# Expires: 1 day (update frequency)
|
|
# Homepage: https://gitlab.com/curben/pup-filter
|
|
# License: https://gitlab.com/curben/pup-filter#license
|
|
# Source: https://github.com/zhouhanc/malware-discoverer
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"20patogh.com"; classtype:web-application-activity; sid:300000001; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"321movies.xyz"; classtype:web-application-activity; sid:300000002; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"4uabs.club"; classtype:web-application-activity; sid:300000003; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"7awwa2.xyz"; classtype:web-application-activity; sid:300000004; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"abeah-security.xyz"; classtype:web-application-activity; sid:300000005; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"adrondespi.top"; classtype:web-application-activity; sid:300000006; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"advancecare.info"; classtype:web-application-activity; sid:300000007; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"akb48wrapup.com"; classtype:web-application-activity; sid:300000008; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"amateurxporn.com"; classtype:web-application-activity; sid:300000009; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"anismunre.info"; classtype:web-application-activity; sid:300000010; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"apptool.me"; classtype:web-application-activity; sid:300000011; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ashtdi.cn"; classtype:web-application-activity; sid:300000012; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"assuredhealth.info"; classtype:web-application-activity; sid:300000013; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"asufij.xyz"; classtype:web-application-activity; sid:300000014; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"auto-lawyer.site"; classtype:web-application-activity; sid:300000015; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"baseofmp3.com"; classtype:web-application-activity; sid:300000016; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bestappland.me"; classtype:web-application-activity; sid:300000017; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bestlinkupgrade.info"; classtype:web-application-activity; sid:300000018; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bestlinkupgrades.info"; classtype:web-application-activity; sid:300000019; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bestlinkupgrading.info"; classtype:web-application-activity; sid:300000020; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bestresults.xyz"; classtype:web-application-activity; sid:300000021; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bettercleanplayer.info"; classtype:web-application-activity; sid:300000022; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bettercleanplayers.info"; classtype:web-application-activity; sid:300000023; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"betterfreedownloadplayer.info"; classtype:web-application-activity; sid:300000024; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"betterfreedownloadplayers.info"; classtype:web-application-activity; sid:300000025; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bigcbd.info"; classtype:web-application-activity; sid:300000026; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bigdaycasino.info"; classtype:web-application-activity; sid:300000027; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bittrend.com"; classtype:web-application-activity; sid:300000028; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"biztherapy.info"; classtype:web-application-activity; sid:300000029; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bodyamaze.club"; classtype:web-application-activity; sid:300000030; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"bodyselfcare.info"; classtype:web-application-activity; sid:300000031; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"browsercheck.site"; classtype:web-application-activity; sid:300000032; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cabins-r-us.com"; classtype:web-application-activity; sid:300000033; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"calculateprint.xyz"; classtype:web-application-activity; sid:300000034; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carebility.info"; classtype:web-application-activity; sid:300000035; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"carevision.info"; classtype:web-application-activity; sid:300000036; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"celebseven.com"; classtype:web-application-activity; sid:300000037; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"centrodeartigos.com"; classtype:web-application-activity; sid:300000038; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cheerplaceweb.xyz"; classtype:web-application-activity; sid:300000039; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"coachbelief.xyz"; classtype:web-application-activity; sid:300000040; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"collectrewards.net"; classtype:web-application-activity; sid:300000041; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"comphp.xyz"; classtype:web-application-activity; sid:300000042; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"conceivecolor.xyz"; classtype:web-application-activity; sid:300000043; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cooing.top"; classtype:web-application-activity; sid:300000044; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-alerts.xyz"; classtype:web-application-activity; sid:300000045; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-monitor.xyz"; classtype:web-application-activity; sid:300000046; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"credit-resources.xyz"; classtype:web-application-activity; sid:300000047; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptotradingcourses.net"; classtype:web-application-activity; sid:300000048; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cryptounlimited.info"; classtype:web-application-activity; sid:300000049; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"cs-alerts.xyz"; classtype:web-application-activity; sid:300000050; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"curesector.today"; classtype:web-application-activity; sid:300000051; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"degreenm.top"; classtype:web-application-activity; sid:300000052; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"delightcmain.xyz"; classtype:web-application-activity; sid:300000053; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"digitalinvest.news"; classtype:web-application-activity; sid:300000054; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"displayfriend.xyz"; classtype:web-application-activity; sid:300000055; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ditvl.com"; classtype:web-application-activity; sid:300000056; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"dragonballclub.com"; classtype:web-application-activity; sid:300000057; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ehousan.top"; classtype:web-application-activity; sid:300000058; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eproute.info"; classtype:web-application-activity; sid:300000059; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"eroanimeittyokusen.com"; classtype:web-application-activity; sid:300000060; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"excitingthing.xyz"; classtype:web-application-activity; sid:300000061; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"facebook-sex.com"; classtype:web-application-activity; sid:300000062; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastmapf.xyz"; classtype:web-application-activity; sid:300000063; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastplanetf.xyz"; classtype:web-application-activity; sid:300000064; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fastspotb.xyz"; classtype:web-application-activity; sid:300000065; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"filmesonlineturbo.net"; classtype:web-application-activity; sid:300000066; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"filmrod.xyz"; classtype:web-application-activity; sid:300000067; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"films-down.com"; classtype:web-application-activity; sid:300000068; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"financial-deals.xyz"; classtype:web-application-activity; sid:300000069; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findforus.net"; classtype:web-application-activity; sid:300000070; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findoffers.co"; classtype:web-application-activity; sid:300000071; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findperfectplaces4download.work"; classtype:web-application-activity; sid:300000072; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"findyourultimateplayersfirst.best"; classtype:web-application-activity; sid:300000073; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"firststableplayer.work"; classtype:web-application-activity; sid:300000074; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fisham.site"; classtype:web-application-activity; sid:300000075; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fitandready.info"; classtype:web-application-activity; sid:300000076; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fitandstable.club"; classtype:web-application-activity; sid:300000077; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fitbodyandsoul.info"; classtype:web-application-activity; sid:300000078; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fitcourage.info"; classtype:web-application-activity; sid:300000079; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fithealthspark.info"; classtype:web-application-activity; sid:300000080; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fithealthspot.club"; classtype:web-application-activity; sid:300000081; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fithealthsure.info"; classtype:web-application-activity; sid:300000082; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fitlifevalue.info"; classtype:web-application-activity; sid:300000083; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fitnessdial.club"; classtype:web-application-activity; sid:300000084; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fitsure.info"; classtype:web-application-activity; sid:300000085; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"foregoingpump.xyz"; classtype:web-application-activity; sid:300000086; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"forsalecheap.net"; classtype:web-application-activity; sid:300000087; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freeperfectupgrade.work"; classtype:web-application-activity; sid:300000088; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"freshclover.info"; classtype:web-application-activity; sid:300000089; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fuck-me-hard.club"; classtype:web-application-activity; sid:300000090; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funmapc.xyz"; classtype:web-application-activity; sid:300000091; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funmapd.xyz"; classtype:web-application-activity; sid:300000092; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funplanetb.xyz"; classtype:web-application-activity; sid:300000093; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funsiteb.xyz"; classtype:web-application-activity; sid:300000094; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspinf.xyz"; classtype:web-application-activity; sid:300000095; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funspotf.xyz"; classtype:web-application-activity; sid:300000096; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"funwebd.xyz"; classtype:web-application-activity; sid:300000097; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"fwsxqc.cn"; classtype:web-application-activity; sid:300000098; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gainhealth.info"; classtype:web-application-activity; sid:300000099; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gapingshame.xyz"; classtype:web-application-activity; sid:300000100; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"generouscare.info"; classtype:web-application-activity; sid:300000101; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"getstablesystemupgrades.work"; classtype:web-application-activity; sid:300000102; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladcboulevard.xyz"; classtype:web-application-activity; sid:300000103; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladdboulevard.xyz"; classtype:web-application-activity; sid:300000104; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladplaceweb.xyz"; classtype:web-application-activity; sid:300000105; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladslotweb.xyz"; classtype:web-application-activity; sid:300000106; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladspotplay.xyz"; classtype:web-application-activity; sid:300000107; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladspotwonder.xyz"; classtype:web-application-activity; sid:300000108; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladvideo.fun"; classtype:web-application-activity; sid:300000109; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladvideo.online"; classtype:web-application-activity; sid:300000110; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladvideo.site"; classtype:web-application-activity; sid:300000111; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladvideo.surf"; classtype:web-application-activity; sid:300000112; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"gladvideo.website"; classtype:web-application-activity; sid:300000113; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"globalvideo.fun"; classtype:web-application-activity; sid:300000114; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"globalvideo.store"; classtype:web-application-activity; sid:300000115; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"go-x34n7wbcoes-ok.live"; classtype:web-application-activity; sid:300000116; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"govpshosting.com"; classtype:web-application-activity; sid:300000117; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"graburprize.net"; classtype:web-application-activity; sid:300000118; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"grandcasinoprize.info"; classtype:web-application-activity; sid:300000119; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"greatplaceofstubs.work"; classtype:web-application-activity; sid:300000120; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"greatsearch.xyz"; classtype:web-application-activity; sid:300000121; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"growthnetic.club"; classtype:web-application-activity; sid:300000122; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"hailso.xyz"; classtype:web-application-activity; sid:300000123; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"haircarepro.info"; classtype:web-application-activity; sid:300000124; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"happyactive.today"; classtype:web-application-activity; sid:300000125; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"happymakeworld.xyz"; classtype:web-application-activity; sid:300000126; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healandgrow.club"; classtype:web-application-activity; sid:300000127; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthdefine.info"; classtype:web-application-activity; sid:300000128; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthdome.info"; classtype:web-application-activity; sid:300000129; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healtheezy.info"; classtype:web-application-activity; sid:300000130; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthemerge.info"; classtype:web-application-activity; sid:300000131; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthjolly.info"; classtype:web-application-activity; sid:300000132; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthmainly.info"; classtype:web-application-activity; sid:300000133; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthmaintain.info"; classtype:web-application-activity; sid:300000134; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthmama.info"; classtype:web-application-activity; sid:300000135; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthmanic.info"; classtype:web-application-activity; sid:300000136; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthmarlin.club"; classtype:web-application-activity; sid:300000137; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthneo.club"; classtype:web-application-activity; sid:300000138; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthready.info"; classtype:web-application-activity; sid:300000139; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthreportsweb.info"; classtype:web-application-activity; sid:300000140; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthreward.info"; classtype:web-application-activity; sid:300000141; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthroll.info"; classtype:web-application-activity; sid:300000142; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthschedule.club"; classtype:web-application-activity; sid:300000143; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthspark.today"; classtype:web-application-activity; sid:300000144; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthsupreme.club"; classtype:web-application-activity; sid:300000145; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthtag.club"; classtype:web-application-activity; sid:300000146; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthupper.club"; classtype:web-application-activity; sid:300000147; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthvenue.club"; classtype:web-application-activity; sid:300000148; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthvibe.live"; classtype:web-application-activity; sid:300000149; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthwella.club"; classtype:web-application-activity; sid:300000150; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthy-lifestyle.club"; classtype:web-application-activity; sid:300000151; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthyideal.club"; classtype:web-application-activity; sid:300000152; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthyparker.info"; classtype:web-application-activity; sid:300000153; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"healthysure.info"; classtype:web-application-activity; sid:300000154; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"idtheft-alert.xyz"; classtype:web-application-activity; sid:300000155; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"inappropriate.top"; classtype:web-application-activity; sid:300000156; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"information.casa"; classtype:web-application-activity; sid:300000157; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"instablog.club"; classtype:web-application-activity; sid:300000158; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"insuredhealth.info"; classtype:web-application-activity; sid:300000159; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iosrecommendedvpn.com"; classtype:web-application-activity; sid:300000160; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"iosvpnsecure.com"; classtype:web-application-activity; sid:300000161; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"izipik.com"; classtype:web-application-activity; sid:300000162; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joyplaceplay.xyz"; classtype:web-application-activity; sid:300000163; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joyspotmap.xyz"; classtype:web-application-activity; sid:300000164; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"joyspotspin.xyz"; classtype:web-application-activity; sid:300000165; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jsrenthouse.com"; classtype:web-application-activity; sid:300000166; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"jubilantdstreet.xyz"; classtype:web-application-activity; sid:300000167; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"kad3md.cn"; classtype:web-application-activity; sid:300000168; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ketodietrecipes.org"; classtype:web-application-activity; sid:300000169; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"leeching.net"; classtype:web-application-activity; sid:300000170; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legendaryplaceupgrade.info"; classtype:web-application-activity; sid:300000171; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legendaryplaceupgrades.info"; classtype:web-application-activity; sid:300000172; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legendaryplaceupgrading.info"; classtype:web-application-activity; sid:300000173; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legendaryplayerupdates.work"; classtype:web-application-activity; sid:300000174; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legendarysiteupgrading.work"; classtype:web-application-activity; sid:300000175; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legendaryvideoupgrade.info"; classtype:web-application-activity; sid:300000176; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legendaryvideoupgrades.info"; classtype:web-application-activity; sid:300000177; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"legendaryvideoupgrading.info"; classtype:web-application-activity; sid:300000178; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"life-esteem.info"; classtype:web-application-activity; sid:300000179; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lifecaregoal.info"; classtype:web-application-activity; sid:300000180; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"lightstop.xyz"; classtype:web-application-activity; sid:300000181; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livehealthcare.today"; classtype:web-application-activity; sid:300000182; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livelyyroad.xyz"; classtype:web-application-activity; sid:300000183; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"livingmighty.club"; classtype:web-application-activity; sid:300000184; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadfree-bestheavilyfile.best"; classtype:web-application-activity; sid:300000185; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatly-bestadvancedfile.best"; classtype:web-application-activity; sid:300000186; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadgreatly-bestquickfile.best"; classtype:web-application-activity; sid:300000187; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loadheavily-bestfreefile.best"; classtype:web-application-activity; sid:300000188; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loosefit.info"; classtype:web-application-activity; sid:300000189; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"loveorfun.cc"; classtype:web-application-activity; sid:300000190; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"luckjackcasino.info"; classtype:web-application-activity; sid:300000191; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"madpandatv.net"; classtype:web-application-activity; sid:300000192; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"majorhealthpro.info"; classtype:web-application-activity; sid:300000193; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"makemesafeios.com"; classtype:web-application-activity; sid:300000194; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"managestrong-theuberfile.best"; classtype:web-application-activity; sid:300000195; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-thenewestfile.best"; classtype:web-application-activity; sid:300000196; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-therecentfile.best"; classtype:web-application-activity; sid:300000197; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-thestrongfile.best"; classtype:web-application-activity; sid:300000198; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"manageuber-theswiftfile.best"; classtype:web-application-activity; sid:300000199; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mathison.io"; classtype:web-application-activity; sid:300000200; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"max-care.info"; classtype:web-application-activity; sid:300000201; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mediaplayer24.ml"; classtype:web-application-activity; sid:300000202; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"medicomatic.info"; classtype:web-application-activity; sid:300000203; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"meeryslotspin.xyz"; classtype:web-application-activity; sid:300000204; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"merryplayglobal.xyz"; classtype:web-application-activity; sid:300000205; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"merryplayworld.xyz"; classtype:web-application-activity; sid:300000206; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"mindmatch.ai"; classtype:web-application-activity; sid:300000207; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"modern-security.xyz"; classtype:web-application-activity; sid:300000208; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"monitoring-credit.xyz"; classtype:web-application-activity; sid:300000209; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"multitax.xyz"; classtype:web-application-activity; sid:300000210; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"news-new19.net"; classtype:web-application-activity; sid:300000211; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"newsitedowloads.site"; classtype:web-application-activity; sid:300000212; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nogfw.pro"; classtype:web-application-activity; sid:300000213; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nosyknot.xyz"; classtype:web-application-activity; sid:300000214; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"nutrinamic.info"; classtype:web-application-activity; sid:300000215; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onegowc.pw"; classtype:web-application-activity; sid:300000216; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"onlinecinema.eu"; classtype:web-application-activity; sid:300000217; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatecompletely-theprecisefile.best"; classtype:web-application-activity; sid:300000218; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatecompletely-thespeedyfile.best"; classtype:web-application-activity; sid:300000219; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateextremely-theprogressivefile.best"; classtype:web-application-activity; sid:300000220; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateextremely-therenewedfile.best"; classtype:web-application-activity; sid:300000221; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatefree-theuberfile.best"; classtype:web-application-activity; sid:300000222; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operategreatly-therefinedfile.best"; classtype:web-application-activity; sid:300000223; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operategreatly-theswiftfile.best"; classtype:web-application-activity; sid:300000224; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatehighly-thespeedyfile.best"; classtype:web-application-activity; sid:300000225; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatehighly-thestrongfile.best"; classtype:web-application-activity; sid:300000226; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateintensely-theprogressivefile.best"; classtype:web-application-activity; sid:300000227; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateintensely-thestrongfile.best"; classtype:web-application-activity; sid:300000228; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatenewest-theuberfile.best"; classtype:web-application-activity; sid:300000229; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateoriginal-themostfile.best"; classtype:web-application-activity; sid:300000230; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateoriginal-theuberfile.best"; classtype:web-application-activity; sid:300000231; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateoverly-thesophisticatedfile.best"; classtype:web-application-activity; sid:300000232; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateprecise-thecompletelyfile.best"; classtype:web-application-activity; sid:300000233; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateprogressive-theintenselyfile.best"; classtype:web-application-activity; sid:300000234; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatequick-themostfile.best"; classtype:web-application-activity; sid:300000235; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operaterefined-thegreatlyfile.best"; classtype:web-application-activity; sid:300000236; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operaterenewed-theextremelyfile.best"; classtype:web-application-activity; sid:300000237; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatesophisticated-theoverlyfile.best"; classtype:web-application-activity; sid:300000238; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operatespeedy-thehighlyfile.best"; classtype:web-application-activity; sid:300000239; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateuber-thefreefile.best"; classtype:web-application-activity; sid:300000240; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"operateuber-theoriginalfile.best"; classtype:web-application-activity; sid:300000241; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"patriothealth.today"; classtype:web-application-activity; sid:300000242; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"pcicompliancemanager.xyz"; classtype:web-application-activity; sid:300000243; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"perfectplaceonnetforplayers.work"; classtype:web-application-activity; sid:300000244; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performcompletely-thelatestfile.best"; classtype:web-application-activity; sid:300000245; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performcompletely-thequickfile.best"; classtype:web-application-activity; sid:300000246; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performextremely-theprecisefile.best"; classtype:web-application-activity; sid:300000247; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performfree-thehighlyfile.best"; classtype:web-application-activity; sid:300000248; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performgreatly-thespeedyfile.best"; classtype:web-application-activity; sid:300000249; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performheavily-theoriginalfile.best"; classtype:web-application-activity; sid:300000250; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighly-thefreefile.best"; classtype:web-application-activity; sid:300000251; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighly-theprecisefile.best"; classtype:web-application-activity; sid:300000252; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performhighly-therecentfile.best"; classtype:web-application-activity; sid:300000253; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performintensely-thedevelopedfile.best"; classtype:web-application-activity; sid:300000254; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performlatest-thecompletelyfile.best"; classtype:web-application-activity; sid:300000255; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performmost-thenewestfile.best"; classtype:web-application-activity; sid:300000256; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performmost-therecentfile.best"; classtype:web-application-activity; sid:300000257; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performoriginal-theheavilyfile.best"; classtype:web-application-activity; sid:300000258; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performoriginal-theuberfile.best"; classtype:web-application-activity; sid:300000259; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performoverly-theprogressivefile.best"; classtype:web-application-activity; sid:300000260; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performprecise-theextremelyfile.best"; classtype:web-application-activity; sid:300000261; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performprecise-thehighlyfile.best"; classtype:web-application-activity; sid:300000262; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performprogressive-theintenselyfile.best"; classtype:web-application-activity; sid:300000263; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performprogressive-theoverlyfile.best"; classtype:web-application-activity; sid:300000264; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performquick-thecompletelyfile.best"; classtype:web-application-activity; sid:300000265; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrecent-themostfile.best"; classtype:web-application-activity; sid:300000266; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrefined-theextremelyfile.best"; classtype:web-application-activity; sid:300000267; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performrenewed-theoverlyfile.best"; classtype:web-application-activity; sid:300000268; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performsophisticated-thehighlyfile.best"; classtype:web-application-activity; sid:300000269; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performspeedy-thegreatlyfile.best"; classtype:web-application-activity; sid:300000270; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performuber-theoriginalfile.best"; classtype:web-application-activity; sid:300000271; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"performuber-therenewedfile.best"; classtype:web-application-activity; sid:300000272; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"piorkeepi.top"; classtype:web-application-activity; sid:300000273; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesiteb.xyz"; classtype:web-application-activity; sid:300000274; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placesitee.xyz"; classtype:web-application-activity; sid:300000275; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"placewebe.xyz"; classtype:web-application-activity; sid:300000276; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"plampo.xyz"; classtype:web-application-activity; sid:300000277; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspina.xyz"; classtype:web-application-activity; sid:300000278; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspind.xyz"; classtype:web-application-activity; sid:300000279; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"playspote.xyz"; classtype:web-application-activity; sid:300000280; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"premiernursingacademy.org"; classtype:web-application-activity; sid:300000281; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"preparedforsafeupgrading.work"; classtype:web-application-activity; sid:300000282; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primawise.info"; classtype:web-application-activity; sid:300000283; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"primecare.today"; classtype:web-application-activity; sid:300000284; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"prohealthroutine.info"; classtype:web-application-activity; sid:300000285; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protect-connection.com"; classtype:web-application-activity; sid:300000286; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"protectyourvpn.com"; classtype:web-application-activity; sid:300000287; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"readyhealth.info"; classtype:web-application-activity; sid:300000288; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"readyhealthgo.today"; classtype:web-application-activity; sid:300000289; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.casa"; classtype:web-application-activity; sid:300000290; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.cyou"; classtype:web-application-activity; sid:300000291; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.fun"; classtype:web-application-activity; sid:300000292; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.space"; classtype:web-application-activity; sid:300000293; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.surf"; classtype:web-application-activity; sid:300000294; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"recontent.website"; classtype:web-application-activity; sid:300000295; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"reliablesoftwarevideos.info"; classtype:web-application-activity; sid:300000296; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"remedify.info"; classtype:web-application-activity; sid:300000297; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.casa"; classtype:web-application-activity; sid:300000298; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.fun"; classtype:web-application-activity; sid:300000299; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.online"; classtype:web-application-activity; sid:300000300; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.site"; classtype:web-application-activity; sid:300000301; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"renewvideo.website"; classtype:web-application-activity; sid:300000302; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"resignation.top"; classtype:web-application-activity; sid:300000303; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"roadtoyourhealth.info"; classtype:web-application-activity; sid:300000304; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"robogarden.io"; classtype:web-application-activity; sid:300000305; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rootessential.info"; classtype:web-application-activity; sid:300000306; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rotharbor.xyz"; classtype:web-application-activity; sid:300000307; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runadvanced-bestextremelyfile.best"; classtype:web-application-activity; sid:300000308; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runcurrent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000309; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"rundeveloped-bestoverlyfile.best"; classtype:web-application-activity; sid:300000310; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestadvancedfile.best"; classtype:web-application-activity; sid:300000311; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestcurrentfile.best"; classtype:web-application-activity; sid:300000312; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestlatestfile.best"; classtype:web-application-activity; sid:300000313; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runextremely-bestrecentfile.best"; classtype:web-application-activity; sid:300000314; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runfree-bestoverlyfile.best"; classtype:web-application-activity; sid:300000315; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runintensely-bestrenewedfile.best"; classtype:web-application-activity; sid:300000316; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runlatest-besthighlyfile.best"; classtype:web-application-activity; sid:300000317; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runnewest-bestextremelyfile.best"; classtype:web-application-activity; sid:300000318; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestextremelyfile.best"; classtype:web-application-activity; sid:300000319; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoriginal-bestintenselyfile.best"; classtype:web-application-activity; sid:300000320; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestdevelopedfile.best"; classtype:web-application-activity; sid:300000321; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestquickfile.best"; classtype:web-application-activity; sid:300000322; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runoverly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000323; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-bestextremelyfile.best"; classtype:web-application-activity; sid:300000324; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"runrecent-besthighlyfile.best"; classtype:web-application-activity; sid:300000325; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safelyonline.tech"; classtype:web-application-activity; sid:300000326; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdate.info"; classtype:web-application-activity; sid:300000327; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"safest4placeupdates.info"; classtype:web-application-activity; sid:300000328; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"scheduleagreement.xyz"; classtype:web-application-activity; sid:300000329; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"score-monitoring.xyz"; classtype:web-application-activity; sid:300000330; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-tool.net"; classtype:web-application-activity; sid:300000331; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"search-trends.co"; classtype:web-application-activity; sid:300000332; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"searchfeed.co"; classtype:web-application-activity; sid:300000333; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alert.xyz"; classtype:web-application-activity; sid:300000334; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-alerts.xyz"; classtype:web-application-activity; sid:300000335; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sec-monitoring.xyz"; classtype:web-application-activity; sid:300000336; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"second-handjam.xyz"; classtype:web-application-activity; sid:300000337; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-made-easy.xyz"; classtype:web-application-activity; sid:300000338; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-pro.xyz"; classtype:web-application-activity; sid:300000339; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"security-protection.xyz"; classtype:web-application-activity; sid:300000340; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"seemlast.monster"; classtype:web-application-activity; sid:300000341; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"selfradiance.info"; classtype:web-application-activity; sid:300000342; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shkshk.site"; classtype:web-application-activity; sid:300000343; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shopnsave.world"; classtype:web-application-activity; sid:300000344; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"shoppingexp.xyz"; classtype:web-application-activity; sid:300000345; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"smartys.link"; classtype:web-application-activity; sid:300000346; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetc.xyz"; classtype:web-application-activity; sid:300000347; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotplanetd.xyz"; classtype:web-application-activity; sid:300000348; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotspinb.xyz"; classtype:web-application-activity; sid:300000349; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"spotspotf.xyz"; classtype:web-application-activity; sid:300000350; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springplanetb.xyz"; classtype:web-application-activity; sid:300000351; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springsitea.xyz"; classtype:web-application-activity; sid:300000352; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"springsitef.xyz"; classtype:web-application-activity; sid:300000353; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"stingyscent.xyz"; classtype:web-application-activity; sid:300000354; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thefreefile.best"; classtype:web-application-activity; sid:300000355; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thequickfile.best"; classtype:web-application-activity; sid:300000356; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thespeedyfile.best"; classtype:web-application-activity; sid:300000357; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeheavily-thestrongfile.best"; classtype:web-application-activity; sid:300000358; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storelatest-theoverlyfile.best"; classtype:web-application-activity; sid:300000359; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storenewest-theoverlyfile.best"; classtype:web-application-activity; sid:300000360; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-theadvancedfile.best"; classtype:web-application-activity; sid:300000361; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thecurrentfile.best"; classtype:web-application-activity; sid:300000362; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thelatestfile.best"; classtype:web-application-activity; sid:300000363; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeoverly-thenewestfile.best"; classtype:web-application-activity; sid:300000364; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storerecent-theoverlyfile.best"; classtype:web-application-activity; sid:300000365; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storespeedy-theheavilyfile.best"; classtype:web-application-activity; sid:300000366; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"storeswift-theheavilyfile.best"; classtype:web-application-activity; sid:300000367; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"styleandhealth.info"; classtype:web-application-activity; sid:300000368; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"subeamy.pw"; classtype:web-application-activity; sid:300000369; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"sugar-legal-about13.fun"; classtype:web-application-activity; sid:300000370; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"superiorcare.info"; classtype:web-application-activity; sid:300000371; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"survey-club.club"; classtype:web-application-activity; sid:300000372; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccompletely-bestoriginalfile.best"; classtype:web-application-activity; sid:300000373; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synccompletely-bestprogressivefile.best"; classtype:web-application-activity; sid:300000374; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncgreatly-bestrenewedfile.best"; classtype:web-application-activity; sid:300000375; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncheavily-bestlatestfile.best"; classtype:web-application-activity; sid:300000376; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestfreefile.best"; classtype:web-application-activity; sid:300000377; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestoriginalfile.best"; classtype:web-application-activity; sid:300000378; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestprogressivefile.best"; classtype:web-application-activity; sid:300000379; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestrecentfile.best"; classtype:web-application-activity; sid:300000380; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestsophisticatedfile.best"; classtype:web-application-activity; sid:300000381; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synchighly-bestspeedyfile.best"; classtype:web-application-activity; sid:300000382; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncintensely-bestprogressivefile.best"; classtype:web-application-activity; sid:300000383; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"synclatest-bestuberfile.best"; classtype:web-application-activity; sid:300000384; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncoriginal-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000385; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncprogressive-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000386; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncprogressive-besthighlyfile.best"; classtype:web-application-activity; sid:300000387; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncrenewed-bestcompletelyfile.best"; classtype:web-application-activity; sid:300000388; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestoriginalfile.best"; classtype:web-application-activity; sid:300000389; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"syncuber-bestprecisefile.best"; classtype:web-application-activity; sid:300000390; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"talskingest.top"; classtype:web-application-activity; sid:300000391; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tastefulwood.xyz"; classtype:web-application-activity; sid:300000392; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"tdstraffic.xyz"; classtype:web-application-activity; sid:300000393; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theable.me"; classtype:web-application-activity; sid:300000394; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thebettercleanplayer.info"; classtype:web-application-activity; sid:300000395; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thebettercleanplayers.info"; classtype:web-application-activity; sid:300000396; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"theconnectvpn.com"; classtype:web-application-activity; sid:300000397; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thefatburner.info"; classtype:web-application-activity; sid:300000398; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thefitproject.club"; classtype:web-application-activity; sid:300000399; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthcurve.info"; classtype:web-application-activity; sid:300000400; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthcycle.club"; classtype:web-application-activity; sid:300000401; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthgo.info"; classtype:web-application-activity; sid:300000402; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthpedia.info"; classtype:web-application-activity; sid:300000403; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthystyle.info"; classtype:web-application-activity; sid:300000404; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thehealthyvibe.info"; classtype:web-application-activity; sid:300000405; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thelastpicture.show"; classtype:web-application-activity; sid:300000406; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thepackage.club"; classtype:web-application-activity; sid:300000407; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thesafestplayerlinks.work"; classtype:web-application-activity; sid:300000408; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thestablealwayssafeupdates.work"; classtype:web-application-activity; sid:300000409; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thestablegreatupgrades.best"; classtype:web-application-activity; sid:300000410; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"thrillqueen.xyz"; classtype:web-application-activity; sid:300000411; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"toovolution.club"; classtype:web-application-activity; sid:300000412; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"topnotchsports.tips"; classtype:web-application-activity; sid:300000413; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trafficbounce.net"; classtype:web-application-activity; sid:300000414; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trktraf.club"; classtype:web-application-activity; sid:300000415; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"trkvpn.xyz"; classtype:web-application-activity; sid:300000416; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uclaimrewards.net"; classtype:web-application-activity; sid:300000417; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"unequalfaucet.xyz"; classtype:web-application-activity; sid:300000418; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"uniremedy.info"; classtype:web-application-activity; sid:300000419; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatcboulevard.xyz"; classtype:web-application-activity; sid:300000420; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatmstreet.xyz"; classtype:web-application-activity; sid:300000421; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upbeatmway.xyz"; classtype:web-application-activity; sid:300000422; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatecurrent-thegreatlyfile.best"; classtype:web-application-activity; sid:300000423; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-thecurrentfile.best"; classtype:web-application-activity; sid:300000424; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-thenewestfile.best"; classtype:web-application-activity; sid:300000425; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updategreatly-therecentfile.best"; classtype:web-application-activity; sid:300000426; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updatelatest-thegreatlyfile.best"; classtype:web-application-activity; sid:300000427; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"updaterecent-thegreatlyfile.best"; classtype:web-application-activity; sid:300000428; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upmakesite.xyz"; classtype:web-application-activity; sid:300000429; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"upplayglobal.xyz"; classtype:web-application-activity; sid:300000430; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vexearth.xyz"; classtype:web-application-activity; sid:300000431; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viral-surveys.win"; classtype:web-application-activity; sid:300000432; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"viralarticles.net"; classtype:web-application-activity; sid:300000433; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vital-health.club"; classtype:web-application-activity; sid:300000434; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vitalrole.info"; classtype:web-application-activity; sid:300000435; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpn-pro.info"; classtype:web-application-activity; sid:300000436; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpnadefenceplus.com"; classtype:web-application-activity; sid:300000437; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"vpntool.me"; classtype:web-application-activity; sid:300000438; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"website4all.info"; classtype:web-application-activity; sid:300000439; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websiteforall.work"; classtype:web-application-activity; sid:300000440; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"websitetoget.work"; classtype:web-application-activity; sid:300000441; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessgram.info"; classtype:web-application-activity; sid:300000442; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wellnessplum.info"; classtype:web-application-activity; sid:300000443; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wherentlybrane.site"; classtype:web-application-activity; sid:300000444; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"wowlifestyle.info"; classtype:web-application-activity; sid:300000445; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrade.info"; classtype:web-application-activity; sid:300000446; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrades.info"; classtype:web-application-activity; sid:300000447; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestlinkupgrading.info"; classtype:web-application-activity; sid:300000448; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnection.info"; classtype:web-application-activity; sid:300000449; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbestvideoconnections.info"; classtype:web-application-activity; sid:300000450; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayer.info"; classtype:web-application-activity; sid:300000451; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourbettercleanplayers.info"; classtype:web-application-activity; sid:300000452; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrade.info"; classtype:web-application-activity; sid:300000453; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplaceupgrades.info"; classtype:web-application-activity; sid:300000454; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdate.work"; classtype:web-application-activity; sid:300000455; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryplayerupdating.work"; classtype:web-application-activity; sid:300000456; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrades.info"; classtype:web-application-activity; sid:300000457; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourlegendaryvideoupgrading.info"; classtype:web-application-activity; sid:300000458; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestplayerlink.best"; classtype:web-application-activity; sid:300000459; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafestreliablelink.work"; classtype:web-application-activity; sid:300000460; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelink.info"; classtype:web-application-activity; sid:300000461; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafeststablelinks.info"; classtype:web-application-activity; sid:300000462; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yoursafesystemsupdating.work"; classtype:web-application-activity; sid:300000463; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"yourultimateperfectupgrades.work"; classtype:web-application-activity; sid:300000464; rev:1;)
|
|
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"pup-filter PUP website detected"; flow:established,from_client; http.method; content:"GET"; http.host; content:"ysfetinora.tk"; classtype:web-application-activity; sid:300000465; rev:1;)
|