# 10yearsofborn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000000; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|10yearsofborn|03|com"; nocase; ) # 11111111.noip.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000001; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|11111111|04|noip|02|me"; nocase; ) # 111xxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000002; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|111xxx|03|com"; nocase; ) # 112038398dc590fd910f04439eba2dc2.ovh [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000003; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|20|112038398dc590fd910f04439eba2dc2|03|ovh"; nocase; ) # 1rot1ro05p5pc654ktuj74i.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000004; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|1rot1ro05p5pc654ktuj74i|04|ddns|03|net"; nocase; ) # 1vp412e12nheix.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000005; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|1vp412e12nheix|03|net"; nocase; ) # 2002.us.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000006; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|2002|02|us|02|to"; nocase; ) # 21gold.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000007; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|21gold|03|org"; nocase; ) # 3duboxe0mr3hef7nkxuj3jq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000008; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|3duboxe0mr3hef7nkxuj3jq|04|ddns|03|net"; nocase; ) # 42k2bu15.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000009; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|42k2bu15|03|com"; nocase; ) # 86b6b6b6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000010; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|86b6b6b6|03|com"; nocase; ) # 89025840.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000011; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|89025840|03|com"; nocase; ) # 9999992009.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000012; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|9999992009|04|myfw|02|us"; nocase; ) # 9999992011.rr.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000013; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|9999992011|02|rr|02|nu"; nocase; ) # a1hcy1xendd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000014; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|a1hcy1xendd|03|net"; nocase; ) # a1k8h2xendd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000015; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|a1k8h2xendd|04|info"; nocase; ) # a1t9y1xendd.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000016; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|a1t9y1xendd|04|info"; nocase; ) # a1z1h2xendd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000017; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|a1z1h2xendd|03|biz"; nocase; ) # aabazrewdatupogre.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000018; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabazrewdatupogre|02|ga"; nocase; ) # aabcgukomotredcxi.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000019; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabcgukomotredcxi|02|ga"; nocase; ) # aabcgukomotredcxi.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000020; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabcgukomotredcxi|02|gq"; nocase; ) # aabdtuhugfredhoo.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000021; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aabdtuhugfredhoo|02|ml"; nocase; ) # aadfresawcgyhlkjni.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000022; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|aadfresawcgyhlkjni|02|cf"; nocase; ) # abc69696969.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000023; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|abc69696969|04|vicp|03|net"; nocase; ) # abdav21.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000024; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|abdav21|04|ddns|03|net"; nocase; ) # abo0u6ach9k3w.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000025; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|abo0u6ach9k3w|03|net"; nocase; ) # account-user.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000026; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|account-user|03|com"; nocase; ) # ad-marketing.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000027; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ad-marketing|03|net"; nocase; ) # ad-void.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000028; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|ad-void|03|com"; nocase; ) # adobeflashupdate.dynu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000029; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|adobeflashupdate|04|dynu|03|com"; nocase; ) # adorephoto.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000030; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|adorephoto|03|org"; nocase; ) # adwordactivation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000031; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|adwordactivation|03|com"; nocase; ) # affairdot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000032; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|affairdot|03|com"; nocase; ) # agabovyxdgcbibu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000033; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|agabovyxdgcbibu|03|com"; nocase; ) # agentwhite.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000034; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|agentwhite|04|ddns|03|net"; nocase; ) # ahahfgreateranglia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000035; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|ahahfgreateranglia|03|net"; nocase; ) # ahyushkavovu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000036; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ahyushkavovu|02|tk"; nocase; ) # ahyushkavovuzzz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000037; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ahyushkavovuzzz|02|ml"; nocase; ) # ahyushkavovuzzz.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000038; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ahyushkavovuzzz|02|tk"; nocase; ) # ahzx.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000039; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|ahzx|04|eicp|03|net"; nocase; ) # airtravelabroad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000040; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|airtravelabroad|03|com"; nocase; ) # aiwoyfullsmile.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000041; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|aiwoyfullsmile|03|net"; nocase; ) # aktogaasdvnovova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000042; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|cf"; nocase; ) # aktogaasdvnovova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000043; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|ga"; nocase; ) # aktogaasdvnovova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000044; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|gq"; nocase; ) # aktogaasdvnovova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000045; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|ml"; nocase; ) # aktogavnovova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000046; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|cf"; nocase; ) # aktogavnovova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000047; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|gq"; nocase; ) # akwotie.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000048; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|akwotie|04|ddns|03|net"; nocase; ) # alexandrelatsa.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000049; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|alexandrelatsa|02|ru"; nocase; ) # alicanhotel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000050; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|alicanhotel|03|com"; nocase; ) # amazinggreentechshop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000051; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|amazinggreentechshop|03|com"; nocase; ) # amerikauyghur.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000052; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|amerikauyghur|03|top"; nocase; ) # amf-themes.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000053; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|amf-themes|02|ru"; nocase; ) # ankapootle.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000054; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ankapootle|03|org"; nocase; ) # anlagenservices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000055; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|anlagenservices|03|com"; nocase; ) # anrduha.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000056; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|anrduha|04|info"; nocase; ) # apipiskavovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000057; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|apipiskavovu|02|ml"; nocase; ) # apnpartners.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000058; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|apnpartners|03|com"; nocase; ) # appeur.gnway.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000059; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|appeur|05|gnway|02|cc"; nocase; ) # applejp.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000060; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|applejp|04|myfw|02|us"; nocase; ) # appsjustforfun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000061; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|appsjustforfun|03|com"; nocase; ) # apyicrypt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000062; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|apyicrypt|03|com"; nocase; ) # aquametron.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000063; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|aquametron|03|com"; nocase; ) # arabtechmessenger.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000064; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|arabtechmessenger|03|net"; nocase; ) # arbitraryh.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000065; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|arbitraryh|03|top"; nocase; ) # atlasbeta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000066; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|atlasbeta|03|com"; nocase; ) # att.om [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000067; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|att|02|om"; nocase; ) # ausec.qc.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000068; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ausec|02|qc|02|to"; nocase; ) # autointsecurity.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000069; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|autointsecurity|03|com"; nocase; ) # autosync.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000070; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|autosync|04|info"; nocase; ) # auvovumalenkiu678.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000071; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|auvovumalenkiu678|02|cf"; nocase; ) # avdrygvovanemydak1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000072; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|avdrygvovanemydak1|02|tk"; nocase; ) # avdrygvovanemydakaa.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000073; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakaa|02|gq"; nocase; ) # avdrygvovanemyz.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000074; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|avdrygvovanemyz|02|gq"; nocase; ) # averagetheskidfellow.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000075; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|averagetheskidfellow|02|co|02|vu"; nocase; ) # avidnewssource.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000076; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|avidnewssource|03|com"; nocase; ) # avlib.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000077; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|avlib|02|in"; nocase; ) # avovagomosek2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000078; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|tk"; nocase; ) # avovakorova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000079; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|avovakorova|02|ga"; nocase; ) # avovakorova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000080; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|avovakorova|02|gq"; nocase; ) # avovakorova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000081; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|avovakorova|02|ml"; nocase; ) # avovakusokgavnafg.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000082; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avovakusokgavnafg|02|ga"; nocase; ) # avovakusokgavnafg.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000083; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avovakusokgavnafg|02|tk"; nocase; ) # avovapeterda.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000084; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovapeterda|02|gq"; nocase; ) # avovapeterda77.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000085; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|avovapeterda77|02|ga"; nocase; ) # avovapeterda77.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000086; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|avovapeterda77|02|ml"; nocase; ) # axtoomov.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000087; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|axtoomov|04|ddns|03|net"; nocase; ) # aynachatsrv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000088; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|aynachatsrv|03|com"; nocase; ) # azvdrygvovanemyz81.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000089; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|azvdrygvovanemyz81|02|ga"; nocase; ) # b2f8.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000090; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|b2f8|02|tk"; nocase; ) # b8dfs5ecw9p3o.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000091; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|b8dfs5ecw9p3o|04|info"; nocase; ) # baanaameex-seguridad22f2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000092; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|baanaameex-seguridad22f2|03|com"; nocase; ) # baatarhuu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000093; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|baatarhuu|03|com"; nocase; ) # baazsawetukovcsa.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000094; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|baazsawetukovcsa|02|ml"; nocase; ) # babkokohtybvcfreso.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000095; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|babkokohtybvcfreso|02|cf"; nocase; ) # backop.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000096; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|backop|04|mooo|03|com"; nocase; ) # baddadsclub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000097; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|baddadsclub|03|com"; nocase; ) # balamodaevi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000098; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|balamodaevi|03|com"; nocase; ) # banners.emol.cl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000099; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|banners|04|emol|02|cl"; nocase; ) # bannerspot.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000100; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|bannerspot|02|in"; nocase; ) # banqulerroman.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000101; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|banqulerroman|03|com"; nocase; ) # basketxrtz.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000102; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|basketxrtz|04|ddns|03|net"; nocase; ) # bbsystems.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000103; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bbsystems|04|info"; nocase; ) # ben770.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000104; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ben770|04|ddns|03|net"; nocase; ) # best-advertising.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000105; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|best-advertising|03|net"; nocase; ) # bestcopytoday.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000106; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|bestcopytoday|03|com"; nocase; ) # bfeom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000107; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|bfeom|03|com"; nocase; ) # bhai1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000108; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|bhai1|04|ddns|03|net"; nocase; ) # bigb00.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000109; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|bigb00|04|ddns|03|net"; nocase; ) # binachio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000110; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|binachio|03|org"; nocase; ) # biortherm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000111; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|biortherm|03|com"; nocase; ) # blackberry-apps-world.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000112; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|blackberry-apps-world|03|com"; nocase; ) # blizko.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000113; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|blizko|03|net"; nocase; ) # blizko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000114; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|blizko|03|org"; nocase; ) # blyavovarealn44ogavno.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000115; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|blyavovarealn44ogavno|02|gq"; nocase; ) # bmlv-gv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000116; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|bmlv-gv|02|eu"; nocase; ) # bnxjgqotkqaftj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000117; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bnxjgqotkqaftj|03|com"; nocase; ) # bochonokvovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000118; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bochonokvovu|02|ml"; nocase; ) # boganytuvovaiga.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000119; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|boganytuvovaiga|02|gq"; nocase; ) # boganytuvovaiga.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000120; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|boganytuvovaiga|02|ml"; nocase; ) # bogev3ovaneu3dac3hnik.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000121; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|bogev3ovaneu3dac3hnik|02|gq"; nocase; ) # bogev3ovaneu3dac3hnik.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000122; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|bogev3ovaneu3dac3hnik|02|tk"; nocase; ) # bonetakus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000123; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bonetakus|03|com"; nocase; ) # boobupeakfood.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000124; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|boobupeakfood|03|com"; nocase; ) # bovuugodvuecf.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000125; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|bovuugodvuecf|04|ddns|03|net"; nocase; ) # brasmu.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000126; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|brasmu|03|com|02|br"; nocase; ) # breteau-photographe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000127; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|breteau-photographe|03|com"; nocase; ) # brittlefilet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000128; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|brittlefilet|03|com"; nocase; ) # brookmensoklinherz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000129; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|brookmensoklinherz|03|org"; nocase; ) # bs7aygotd2rnjl4o.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000130; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|bs7aygotd2rnjl4o|05|onion"; nocase; ) # bulldog.toh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000131; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|bulldog|03|toh|04|info"; nocase; ) # business-made-fun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000132; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|business-made-fun|03|com"; nocase; ) # businessdealsblog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000133; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|businessdealsblog|03|com"; nocase; ) # bvovapeterda.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000134; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bvovapeterda|02|ga"; nocase; ) # bvovapeterda.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000135; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bvovapeterda|02|ml"; nocase; ) # bwfllc.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000136; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|bwfllc|02|co"; nocase; ) # bxateca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000137; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|bxateca|03|net"; nocase; ) # bytewiser.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000138; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bytewiser|03|com"; nocase; ) # c0dbq5vcj9o3e.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000139; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|c0dbq5vcj9o3e|04|info"; nocase; ) # c1v9j2pahfi8w1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000140; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|c1v9j2pahfi8w1f|03|biz"; nocase; ) # c1v9l8s6yei8w1f.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000141; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|c1v9l8s6yei8w1f|04|info"; nocase; ) # cac.com.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000142; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|cac|03|com|02|cn"; nocase; ) # cahciuni-duisburg-essen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000143; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|cahciuni-duisburg-essen|03|com"; nocase; ) # captainangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000144; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|captainangry|03|net"; nocase; ) # captainbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000145; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|captainbehind|03|net"; nocase; ) # captaindried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000146; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|captaindried|03|net"; nocase; ) # caramelochpetinnew2.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000147; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|caramelochpetinnew2|04|ddns|03|net"; nocase; ) # catologipdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000148; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|catologipdate|03|com"; nocase; ) # cbbnews.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000149; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|cbbnews|02|tk"; nocase; ) # cdnhxeqqnn.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000150; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|cdnhxeqqnn|02|fr"; nocase; ) # centerssweet.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000151; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|centerssweet|02|ga"; nocase; ) # christmaslastdeals.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000152; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|christmaslastdeals|03|com"; nocase; ) # chriswork.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000153; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|chriswork|04|ddns|03|net"; nocase; ) # chromecrashreport.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000154; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|chromecrashreport|03|com"; nocase; ) # cinnamonextract.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000155; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|cinnamonextract|03|net"; nocase; ) # clialjscnotjclientcli.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000156; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|clialjscnotjclientcli|02|me"; nocase; ) # clothdiapersexpert.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000157; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|clothdiapersexpert|03|com"; nocase; ) # cloudsvr337.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000158; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|cloudsvr337|03|com"; nocase; ) # coldydesign.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000159; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|coldydesign|03|com"; nocase; ) # confirm-info-account-bnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000160; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|confirm-info-account-bnk|03|com"; nocase; ) # conopizzabrasil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000161; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|conopizzabrasil|03|com"; nocase; ) # conopizzavenezuela.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000162; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|conopizzavenezuela|03|com"; nocase; ) # content-into-cash.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000163; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|content-into-cash|03|com"; nocase; ) # correctip.noip.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000164; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|correctip|04|noip|02|me"; nocase; ) # costatechhelp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000165; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|costatechhelp|03|com"; nocase; ) # cowforhelp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000166; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|cowforhelp|03|com"; nocase; ) # cribdare2no.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000167; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|cribdare2no|03|com"; nocase; ) # crowdmaster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000168; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|crowdmaster|03|net"; nocase; ) # cryptorepairsystems.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000169; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|cryptorepairsystems|03|com"; nocase; ) # csrss-check-new.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000170; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|csrss-check-new|03|com"; nocase; ) # cuopxeudu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000171; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|cuopxeudu|04|ddns|03|net"; nocase; ) # cvovapeterda.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000172; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cvovapeterda|02|ml"; nocase; ) # cvovapeterdaga.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000173; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|cvovapeterdaga|02|gq"; nocase; ) # cvovapeterdaga.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000174; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|cvovapeterdaga|02|ml"; nocase; ) # d75a141z8no9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000175; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|d75a141z8no9|03|com"; nocase; ) # daaserthupo.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000176; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daaserthupo|02|tk"; nocase; ) # daceduyokon.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000177; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daceduyokon|02|ga"; nocase; ) # dbdrivers.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000178; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dbdrivers|03|biz"; nocase; ) # dcfastgroup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000179; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dcfastgroup|03|com"; nocase; ) # debulittro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000180; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|debulittro|03|com"; nocase; ) # decidearticle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000181; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|decidearticle|03|net"; nocase; ) # deertraefople.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000182; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|deertraefople|03|com"; nocase; ) # deervalleyassociation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000183; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|deervalleyassociation|03|com"; nocase; ) # defencereview.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000184; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|defencereview|02|eu"; nocase; ) # delivery-yahoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000185; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|delivery-yahoo|03|com"; nocase; ) # delivery.dpis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000186; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|delivery|04|dpis|03|com"; nocase; ) # designsbytony.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000187; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|designsbytony|02|co"; nocase; ) # desixb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000188; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|desixb|03|com"; nocase; ) # detter.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000189; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|detter|02|co|02|vu"; nocase; ) # developarea.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000190; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|developarea|04|mooo|03|com"; nocase; ) # dfrank.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000191; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|dfrank|03|top"; nocase; ) # dicemention.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000192; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dicemention|03|com"; nocase; ) # differentia.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000193; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|differentia|02|ru"; nocase; ) # dkilograzmvovuf3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000194; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dkilograzmvovuf3|02|tk"; nocase; ) # dll-host.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000195; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|dll-host|03|com"; nocase; ) # dllupdate.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000196; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dllupdate|04|info"; nocase; ) # dns22dns22.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000197; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|dns22dns22|02|ru"; nocase; ) # dnshost5577.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000198; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dnshost5577|03|com"; nocase; ) # dnsmask.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000199; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dnsmask|04|info"; nocase; ) # dnsportal.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000200; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dnsportal|04|info"; nocase; ) # dnsupdate.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000201; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dnsupdate|04|info"; nocase; ) # dnt5b.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000202; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|dnt5b|04|myfw|02|us"; nocase; ) # docscountry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000203; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|docscountry|03|com"; nocase; ) # docustoragebank.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000204; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|docustoragebank|03|com"; nocase; ) # doefruevtan.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000205; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|doefruevtan|04|ddns|03|net"; nocase; ) # dotpago.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000206; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dotpago|04|ddns|03|net"; nocase; ) # doubtangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000207; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|doubtangry|03|net"; nocase; ) # drive-google.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000208; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|drive-google|02|co"; nocase; ) # drygvovanemzz.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000209; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemzz|02|tk"; nocase; ) # drygvovanemzz4.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000210; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drygvovanemzz4|02|cf"; nocase; ) # drygvovanemzz4.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000211; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drygvovanemzz4|02|ga"; nocase; ) # drygvovanemzz4.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000212; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drygvovanemzz4|02|gq"; nocase; ) # drygvovanemzz4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000213; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drygvovanemzz4|02|tk"; nocase; ) # duteraneh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000214; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|duteraneh|03|com"; nocase; ) # duwugunuwaqauk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000215; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|duwugunuwaqauk|04|ddns|03|net"; nocase; ) # dwc5cbjada.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000216; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|dwc5cbjada|03|net"; nocase; ) # dynaunit.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000217; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|dynaunit|04|info"; nocase; ) # dyndns.tv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000218; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|dyndns|02|tv"; nocase; ) # e4aibjtrguqlyaow.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000219; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|e4aibjtrguqlyaow|05|onion"; nocase; ) # ebookedit.ticp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000220; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ebookedit|04|ticp|03|net"; nocase; ) # ecunxoorokonw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000221; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ecunxoorokonw|04|ddns|03|net"; nocase; ) # efiop.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000222; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|efiop|04|info"; nocase; ) # egbowantedjs.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000223; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|egbowantedjs|04|ddns|03|net"; nocase; ) # ehsni4523ro414k.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000224; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ehsni4523ro414k|04|ddns|03|net"; nocase; ) # eifaesbicardmegamall.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000225; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|eifaesbicardmegamall|03|net"; nocase; ) # eke.pe.hu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000226; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|eke|02|pe|02|hu"; nocase; ) # elimi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000227; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|elimi|03|net"; nocase; ) # elorfans4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000228; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans4|03|com"; nocase; ) # elorfans6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000229; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans6|03|com"; nocase; ) # enherthadugh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000230; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|enherthadugh|02|ru"; nocase; ) # erazzers.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000231; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|erazzers|03|com"; nocase; ) # ercehuhowi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000232; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ercehuhowi|04|ddns|03|net"; nocase; ) # estuty.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000233; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|estuty|03|com"; nocase; ) # etam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000234; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|etam|03|com"; nocase; ) # etdt.cable.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000235; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|etdt|05|cable|02|nu"; nocase; ) # etsnmxe2gn3hwdq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000236; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|etsnmxe2gn3hwdq|04|ddns|03|net"; nocase; ) # europeanda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000237; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|europeanda|03|com"; nocase; ) # ewillsin.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000238; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ewillsin|04|ddns|03|net"; nocase; ) # f4b7.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000239; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|f4b7|02|tk"; nocase; ) # fandanfos.xhc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000240; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fandanfos|03|xhc|02|ru"; nocase; ) # farialsabrina.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000241; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|farialsabrina|03|com"; nocase; ) # fastserviceworld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000242; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|fastserviceworld|03|com"; nocase; ) # fastssamplestrash.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000243; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|fastssamplestrash|03|com"; nocase; ) # fdfddffdfdfhyyuyuyrjhy.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000244; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|fdfddffdfdfhyyuyuyrjhy|02|co|02|vu"; nocase; ) # fdshjfsh324332432.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000245; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|fdshjfsh324332432|03|com"; nocase; ) # fergerama.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000246; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fergerama|03|com"; nocase; ) # fermentzone.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000247; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|fermentzone|03|com"; nocase; ) # ferom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000248; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ferom|03|org"; nocase; ) # fezhvfw.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000249; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|fezhvfw|02|yi|03|org"; nocase; ) # fflord25.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000250; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fflord25|03|com"; nocase; ) # financialnewsonline.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000251; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|financialnewsonline|02|pw"; nocase; ) # financialwiki.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000252; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|financialwiki|02|pw"; nocase; ) # flierunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000253; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|flierunderstand|03|net"; nocase; ) # fmension.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000254; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fmension|02|tk"; nocase; ) # forboringbusinesses.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000255; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|forboringbusinesses|03|com"; nocase; ) # foryousee.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000256; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|foryousee|03|net"; nocase; ) # free1999.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000257; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|free1999|04|jkub|03|com"; nocase; ) # freemsk-dns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000258; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|freemsk-dns|03|com"; nocase; ) # freeteenpornvideo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000259; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|freeteenpornvideo|03|org"; nocase; ) # fridayroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000260; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fridayroad|03|net"; nocase; ) # fscurat20.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000261; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fscurat20|03|com"; nocase; ) # fuckingsh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000262; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fuckingsh|03|com"; nocase; ) # fulplanet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000263; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fulplanet|03|com"; nocase; ) # futurecomtechnologies.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000264; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|futurecomtechnologies|03|com"; nocase; ) # futuresgolda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000265; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|futuresgolda|03|com"; nocase; ) # fuxee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000266; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|fuxee|03|com"; nocase; ) # g1osp1odin1ytui1dayn1vova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000267; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|g1osp1odin1ytui1dayn1vova|02|gq"; nocase; ) # gabro.xxuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000268; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|gabro|04|xxuz|03|com"; nocase; ) # gavnsxuwkavova3.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000269; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gavnsxuwkavova3|02|cf"; nocase; ) # gavnsxuwkavova3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000270; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gavnsxuwkavova3|02|tk"; nocase; ) # gavnuwkavova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000271; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|ga"; nocase; ) # gazetaipeuna.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000272; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gazetaipeuna|03|com|02|br"; nocase; ) # gecko.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000273; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|gecko|04|jkub|03|com"; nocase; ) # genuine-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000274; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|genuine-check|03|com"; nocase; ) # genuineupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000275; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|genuineupdate|03|com"; nocase; ) # geordie.land [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000276; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|geordie|04|land"; nocase; ) # geosaiti.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000277; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|geosaiti|02|ru"; nocase; ) # gfimail.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000278; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|gfimail|02|us"; nocase; ) # giga-flock.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000279; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|giga-flock|03|com"; nocase; ) # globalnetworkanalys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000280; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|globalnetworkanalys|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # go-upload.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000281; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|go-upload|02|ru"; nocase; ) # goldennavratnacuopon.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000282; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|goldennavratnacuopon|03|com"; nocase; ) # good.wha.la [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000283; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|good|03|wha|02|la"; nocase; ) # goodbizez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000284; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|goodbizez|03|com"; nocase; ) # goodnewspaper.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000285; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|goodnewspaper|04|gicp|03|net"; nocase; ) # goods11.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000286; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|goods11|04|ddns|03|net"; nocase; ) # google-user-cache.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000287; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|google-user-cache|03|com"; nocase; ) # googlemailservice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000288; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|googlemailservice|03|com"; nocase; ) # googlewebcache.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000289; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|googlewebcache|03|com"; nocase; ) # googleyndication.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000290; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|googleyndication|03|com"; nocase; ) # gospodinytuidaynvova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000291; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|cf"; nocase; ) # gospodinytuidaynvova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000292; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|ga"; nocase; ) # gospodinytuidaynvova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000293; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|ml"; nocase; ) # gospodinytuidaynvova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000294; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|tk"; nocase; ) # gouhumuvelcua.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000295; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|gouhumuvelcua|04|ddns|03|net"; nocase; ) # gqzrdawmmvaalpevd0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000296; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|gqzrdawmmvaalpevd0|03|com"; nocase; ) # greencastleadvantage.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000297; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|greencastleadvantage|03|com"; nocase; ) # greensky27.vcip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000298; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|greensky27|04|vcip|03|net"; nocase; ) # groeneweg-smb.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000299; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|groeneweg-smb|02|nl"; nocase; ) # guest-access.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000300; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|guest-access|03|net"; nocase; ) # gurtgusinoi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000301; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|gurtgusinoi|03|com"; nocase; ) # guttechhelp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000302; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|guttechhelp|03|com"; nocase; ) # gypqlkwgkmzapx33.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000303; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|gypqlkwgkmzapx33|03|com"; nocase; ) # h3yiloavovka.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000304; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|h3yiloavovka|02|gq"; nocase; ) # harry150.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000305; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|harry150|04|ddns|03|net"; nocase; ) # hcaheathcare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000306; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hcaheathcare|03|com"; nocase; ) # hedattoftle.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000307; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hedattoftle|02|ru"; nocase; ) # heethai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000308; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|heethai|03|com"; nocase; ) # help-save-wildlife.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000309; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|help-save-wildlife|03|com"; nocase; ) # helpcenter2br6932.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000310; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|helpcenter2br6932|02|cc"; nocase; ) # helpdesk.lnip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000311; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|helpdesk|04|lnip|03|org"; nocase; ) # helthnews.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000312; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|helthnews|02|ga"; nocase; ) # heritageblog.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000313; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|heritageblog|03|org"; nocase; ) # herura.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000314; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|herura|04|ddns|03|net"; nocase; ) # hevpazana.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000315; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hevpazana|03|org"; nocase; ) # hhpro.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000316; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|hhpro|02|tk"; nocase; ) # holipolks12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000317; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|holipolks12|03|com"; nocase; ) # holodpvovocs4hka23.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000318; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|cf"; nocase; ) # holodpvovocs4hka23.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000319; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|ga"; nocase; ) # holodpvovocs4hka23.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000320; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|gq"; nocase; ) # hoomoimtex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000321; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|hoomoimtex|03|com"; nocase; ) # horizons-tourisme.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000322; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|horizons-tourisme|03|com"; nocase; ) # howthatficy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000323; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|howthatficy|02|ru"; nocase; ) # hpareyouhereqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000324; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|hpareyouhereqq|03|com"; nocase; ) # htkg009.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000325; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|htkg009|04|gicp|03|net"; nocase; ) # hulahope.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000326; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|hulahope|04|mooo|03|com"; nocase; ) # humanbeing2009.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000327; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|humanbeing2009|04|gicp|03|net"; nocase; ) # huosinamu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000328; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|huosinamu|04|ddns|03|net"; nocase; ) # hyihyimel.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000329; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hyihyimel|02|kz"; nocase; ) # icafyfootsinso.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000330; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|icafyfootsinso|02|ru"; nocase; ) # iezqmd4s2fflmh7n.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000331; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|iezqmd4s2fflmh7n|05|onion"; nocase; ) # imagescdn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000332; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|imagescdn|02|ru"; nocase; ) # imkosan.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000333; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|imkosan|03|net"; nocase; ) # indexbb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000334; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|indexbb|03|com"; nocase; ) # industrywork.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000335; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|industrywork|04|mooo|03|com"; nocase; ) # ineedj0b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000336; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ineedj0b|03|com"; nocase; ) # infomcheck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000337; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|infomcheck|03|com"; nocase; ) # innerspacestudio.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000338; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|innerspacestudio|02|co|02|uk"; nocase; ) # inpoucher.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000339; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|inpoucher|03|com"; nocase; ) # inspiretradeexpo.co.za [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000340; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|inspiretradeexpo|02|co|02|za"; nocase; ) # integratedmedtech.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000341; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|integratedmedtech|03|com"; nocase; ) # intelnetservice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000342; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|intelnetservice|03|com"; nocase; ) # internetcalxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000343; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|internetcalxa|03|com"; nocase; ) # intexfunclub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000344; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|intexfunclub|03|com"; nocase; ) # ipcorrect.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000345; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ipcorrect|04|ddns|03|net"; nocase; ) # itsec.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000346; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|itsec|04|eicp|03|net"; nocase; ) # jamestommyyy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000347; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|jamestommyyy|04|ddns|03|net"; nocase; ) # jblhidraulica.ind.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000348; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|jblhidraulica|03|ind|02|br"; nocase; ) # jeihodisneyturkiye.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000349; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|jeihodisneyturkiye|03|com"; nocase; ) # jhgfskjfshgjkfhgkjfsghf.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000350; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|jhgfskjfshgjkfhgkjfsghf|02|co|02|vu"; nocase; ) # jmxkowzoen.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000351; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|jmxkowzoen|04|info"; nocase; ) # jpsaleyes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000352; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|jpsaleyes|03|com"; nocase; ) # jry1234.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000353; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|jry1234|04|ddns|03|net"; nocase; ) # jtrho.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000354; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jtrho|03|net"; nocase; ) # judalien.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000355; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|judalien|04|ddns|03|net"; nocase; ) # juegosderestaurantesgratis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000356; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1a|juegosderestaurantesgratis|03|net"; nocase; ) # jugainfghjfghfffhfhfhfgj.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000357; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|jugainfghjfghfffhfhfhfgj|02|co|02|vu"; nocase; ) # jviincentthailand.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000358; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|jviincentthailand|03|com"; nocase; ) # jyjhsvgkpeni0g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000359; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|jyjhsvgkpeni0g|03|com"; nocase; ) # jzkebkiznfttde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000360; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|jzkebkiznfttde|03|com"; nocase; ) # k2l8z1yeodm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000361; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|k2l8z1yeodm|04|info"; nocase; ) # k2zbz1yeodm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000362; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|k2zbz1yeodm|04|info"; nocase; ) # kakoi5getulo5hvov5a.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000363; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|kakoi5getulo5hvov5a|02|cf"; nocase; ) # kakoi5getulo5hvov5a.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000364; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|kakoi5getulo5hvov5a|02|gq"; nocase; ) # kakoigetulohvova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000365; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kakoigetulohvova|02|gq"; nocase; ) # kaktusvovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000366; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaktusvovu|02|gq"; nocase; ) # kalakuta1221.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000367; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kalakuta1221|04|ddns|03|net"; nocase; ) # kaprizylka.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000368; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaprizylka|02|ml"; nocase; ) # karlsadroch27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000369; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|karlsadroch27|03|com"; nocase; ) # kashbox.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000370; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|kashbox|02|ru"; nocase; ) # kb63vhjuk3wh4ex7.onion.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000371; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kb63vhjuk3wh4ex7|05|onion|02|to"; nocase; ) # kcdjqxk4jjwzjopq.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000372; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kcdjqxk4jjwzjopq|05|onion"; nocase; ) # kilaxuntf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000373; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|kilaxuntf|02|ru"; nocase; ) # kilogramvovu.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000374; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|ga"; nocase; ) # kilogramvovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000375; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|ml"; nocase; ) # korolewskans.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000376; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|korolewskans|02|ml"; nocase; ) # kosnetsyanetolko.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000377; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kosnetsyanetolko|03|com"; nocase; ) # kpddkeeded.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000378; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kpddkeeded|02|gq"; nocase; ) # krusperon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000379; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|krusperon|03|net"; nocase; ) # kuytrj.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000380; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|kuytrj|02|eu"; nocase; ) # kyawthumyin.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000381; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|kyawthumyin|04|xicp|03|net"; nocase; ) # lamb-site.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000382; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lamb-site|03|com"; nocase; ) # lambada.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000383; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|lambada|02|co|02|vu"; nocase; ) # lamusica-dj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000384; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|lamusica-dj|03|com"; nocase; ) # largefifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000385; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|largefifteen|03|net"; nocase; ) # lastmoon.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000386; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lastmoon|04|mooo|03|com"; nocase; ) # laurence-chocolate.gr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000387; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|laurence-chocolate|02|gr"; nocase; ) # lawkimsun.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000388; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lawkimsun|04|ddns|03|net"; nocase; ) # leakforums.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000389; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|leakforums|03|com"; nocase; ) # leeroywork3.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000390; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|leeroywork3|02|co"; nocase; ) # leftterbutbet.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000391; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|leftterbutbet|02|ru"; nocase; ) # lemptyzp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000392; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lemptyzp|03|org"; nocase; ) # leveldelta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000393; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|leveldelta|03|com"; nocase; ) # lifelight.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000394; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lifelight|03|net"; nocase; ) # linkedim.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000395; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|linkedim|02|in"; nocase; ) # linturefa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000396; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|linturefa|03|com"; nocase; ) # liptona.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000397; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|liptona|03|net"; nocase; ) # listmypropertyfree.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000398; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|listmypropertyfree|03|com"; nocase; ) # litramoloka.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000399; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|litramoloka|02|ru"; nocase; ) # localgateway.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000400; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|localgateway|04|info"; nocase; ) # lofubnzmegl1v.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000401; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|lofubnzmegl1v|03|com"; nocase; ) # loopowakm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000402; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|loopowakm|04|ddns|03|net"; nocase; ) # looxnaaluhotw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000403; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|looxnaaluhotw|04|ddns|03|net"; nocase; ) # lsassoc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000404; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|lsassoc|03|com"; nocase; ) # ltedown.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000405; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|ltedown|03|com"; nocase; ) # m2kcjcj2ifj8x1o.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000406; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|m2kcjcj2ifj8x1o|03|biz"; nocase; ) # m7lea5yck9i3l.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000407; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|m7lea5yck9i3l|03|biz"; nocase; ) # machupicchuviagem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000408; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|machupicchuviagem|03|com"; nocase; ) # macstore.vicp.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000409; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|macstore|04|vicp|02|cc"; nocase; ) # mail-news.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000410; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mail-news|04|eicp|03|net"; nocase; ) # mail-ukr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000411; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mail-ukr|03|net"; nocase; ) # mailyandexru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000412; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mailyandexru|03|com"; nocase; ) # maininvoicegate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000413; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|maininvoicegate|03|com"; nocase; ) # manafasia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000414; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|manafasia|03|com"; nocase; ) # marktingvb.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000415; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|marktingvb|02|ml"; nocase; ) # martyanovdrweb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000416; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|martyanovdrweb|03|com"; nocase; ) # marzie.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000417; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|marzie|03|org"; nocase; ) # mashinkhabar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000418; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mashinkhabar|03|com"; nocase; ) # masteryuga.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000419; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|masteryuga|02|ru"; nocase; ) # mcm-yachtmanagement.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000420; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|mcm-yachtmanagement|03|com"; nocase; ) # mediahitech.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000421; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mediahitech|04|info"; nocase; ) # mediarea.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000422; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mediarea|03|org"; nocase; ) # mediastock.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000423; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mediastock|04|otzo|03|com"; nocase; ) # melding-technology.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000424; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|melding-technology|03|com"; nocase; ) # melon25.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000425; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|melon25|02|ru"; nocase; ) # menstoreins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000426; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|menstoreins|03|com"; nocase; ) # metaframeworkshop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000427; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|metaframeworkshop|03|com"; nocase; ) # microsoft-warning.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000428; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|microsoft-warning|03|com"; nocase; ) # microsoftosupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000429; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|microsoftosupdate|03|com"; nocase; ) # microsoftupdateserver.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000430; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|microsoftupdateserver|03|net"; nocase; ) # midehefo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000431; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|midehefo|02|ru"; nocase; ) # militaryobserver.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000432; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|militaryobserver|03|net"; nocase; ) # mirefocus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000433; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mirefocus|03|com"; nocase; ) # mivibicoruq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000434; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mivibicoruq|04|ddns|03|net"; nocase; ) # modelstarinvo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000435; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|modelstarinvo|03|com"; nocase; ) # molokalitra.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000436; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|molokalitra|02|ru"; nocase; ) # morelikestoday.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000437; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|morelikestoday|03|com"; nocase; ) # morning3.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000438; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|morning3|02|ru"; nocase; ) # moukenji.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000439; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|moukenji|04|ddns|03|net"; nocase; ) # mousegigiop.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000440; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mousegigiop|02|co|02|vu"; nocase; ) # mozillaplagins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000441; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|mozillaplagins|03|com"; nocase; ) # mp3miner.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000442; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mp3miner|03|com"; nocase; ) # mpandroid-filin.mail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000443; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|mpandroid-filin|04|mail|02|ru"; nocase; ) # ms-software-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000444; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|ms-software-update|03|com"; nocase; ) # muavosecit.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000445; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|muavosecit|04|ddns|03|net"; nocase; ) # mukor.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000446; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|mukor|04|ddns|03|net"; nocase; ) # mvwjg0knary23je.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000447; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|mvwjg0knary23je|04|ddns|03|net"; nocase; ) # myanmartech.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000448; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|myanmartech|04|vicp|03|net"; nocase; ) # mydeyuming.cable.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000449; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mydeyuming|05|cable|02|nu"; nocase; ) # myfishdown.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000450; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|myfishdown|03|com"; nocase; ) # myloveforever.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000451; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|myloveforever|03|biz"; nocase; ) # mypcoptimizerpro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000452; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|mypcoptimizerpro|03|com"; nocase; ) # myrorecrab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000453; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|myrorecrab|03|com"; nocase; ) # mysync.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000454; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|mysync|04|info"; nocase; ) # mytelkomsel.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000455; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mytelkomsel|02|co"; nocase; ) # mywatchkopi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000456; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mywatchkopi|03|com"; nocase; ) # natoexhibitionff14.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000457; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|natoexhibitionff14|03|com"; nocase; ) # natopress.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000458; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|natopress|03|com"; nocase; ) # naturstein-schubert.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000459; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|naturstein-schubert|02|de"; nocase; ) # navicompany.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000460; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|navicompany|03|com"; nocase; ) # nawerhuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000461; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|nawerhuy|03|com"; nocase; ) # neochenvezhlivo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000462; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|neochenvezhlivo|03|com"; nocase; ) # nestedmail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000463; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nestedmail|03|com"; nocase; ) # network-acs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000464; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|network-acs|03|biz"; nocase; ) # networkupdate.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000465; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|networkupdate|03|net"; nocase; ) # newbalance-schoenen.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000466; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|newbalance-schoenen|02|nl"; nocase; ) # newdowr.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000467; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|newdowr|04|otzo|03|com"; nocase; ) # newwhitehouse.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000468; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|newwhitehouse|03|org"; nocase; ) # newyorkonlin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000469; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|newyorkonlin|03|com"; nocase; ) # ngcontabil.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000470; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ngcontabil|03|com|02|br"; nocase; ) # nividu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000471; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|nividu|03|com"; nocase; ) # njdyqrbioh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000472; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|njdyqrbioh|04|info"; nocase; ) # nohissandbo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000473; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|nohissandbo|02|ru"; nocase; ) # noproblemsbro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000474; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|noproblemsbro|03|com"; nocase; ) # northropgrumman.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000475; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|northropgrumman|03|net"; nocase; ) # novartis-it.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000476; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|novartis-it|03|com"; nocase; ) # nowruzbakher.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000477; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|nowruzbakher|03|com"; nocase; ) # nvidiasoft.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000478; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nvidiasoft|04|info"; nocase; ) # nwlxjqxstxclgngbw7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000479; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|nwlxjqxstxclgngbw7|03|com"; nocase; ) # nytunion.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000480; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|nytunion|03|com"; nocase; ) # nytuvo123vaigavno.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000481; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nytuvo123vaigavno|02|cf"; nocase; ) # nytuvo123vaigavno.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000482; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nytuvo123vaigavno|02|ml"; nocase; ) # o8s8i0qt74mjwbi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000483; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|o8s8i0qt74mjwbi|04|ddns|03|net"; nocase; ) # oah5w1w4uee8s1v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000484; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|oah5w1w4uee8s1v|03|biz"; nocase; ) # oaxey7m0lde8s1v.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000485; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|oaxey7m0lde8s1v|04|info"; nocase; ) # obwihecidik.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000486; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|obwihecidik|04|ddns|03|net"; nocase; ) # ociqusdal.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000487; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ociqusdal|04|ddns|03|net"; nocase; ) # ohmeisecurepay.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000488; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ohmeisecurepay|03|net"; nocase; ) # ohtepmoesic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000489; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|ohtepmoesic|03|com"; nocase; ) # oikujyhgt.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000490; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|oikujyhgt|02|co|02|vu"; nocase; ) # olkaerxedus.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000491; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|olkaerxedus|04|ddns|03|net"; nocase; ) # ondereteveng.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000492; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ondereteveng|02|ru"; nocase; ) # oofexsumtel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000493; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|oofexsumtel|03|net"; nocase; ) # ootuwtdautofinance.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000494; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|ootuwtdautofinance|03|net"; nocase; ) # opacutebmadufo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000495; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|opacutebmadufo|04|ddns|03|net"; nocase; ) # opudernsaqwer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000496; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|opudernsaqwer|03|com"; nocase; ) # orsai.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000497; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|orsai|03|net"; nocase; ) # othersforrep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000498; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|othersforrep|03|com"; nocase; ) # overpict.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000499; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|overpict|03|com"; nocase; ) # owwiloxvthttt1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000500; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|owwiloxvthttt1|03|com"; nocase; ) # paradise-plaza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000501; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|paradise-plaza|03|com"; nocase; ) # pardijusat.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000502; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pardijusat|02|ru"; nocase; ) # pbcgmmympm.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000503; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pbcgmmympm|04|info"; nocase; ) # pebulelet.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000504; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pebulelet|02|ru"; nocase; ) # philippinenews.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000505; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|philippinenews|04|mooo|03|com"; nocase; ) # philstarnotice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000506; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|philstarnotice|03|com"; nocase; ) # pienadigrazia.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000507; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|pienadigrazia|05|space"; nocase; ) # piragikolos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000508; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|piragikolos|03|com"; nocase; ) # pivuogusodtoku.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000509; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|pivuogusodtoku|04|ddns|03|net"; nocase; ) # pobbib.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000510; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|pobbib|02|co|02|vu"; nocase; ) # polarroute.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000511; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|polarroute|03|com"; nocase; ) # pollaid.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000512; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|pollaid|02|co|02|vu"; nocase; ) # pondoq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000513; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|pondoq|03|org"; nocase; ) # popskypevideo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000514; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|popskypevideo|03|net"; nocase; ) # popvideoskype.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000515; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|popvideoskype|03|com"; nocase; ) # popvideoskype.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000516; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|popvideoskype|04|info"; nocase; ) # portright.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000517; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|portright|03|org"; nocase; ) # posed2shade.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000518; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|posed2shade|03|com"; nocase; ) # post409.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000519; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|post409|03|org"; nocase; ) # postmun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000520; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|postmun|03|com"; nocase; ) # potopland.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000521; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|potopland|03|com"; nocase; ) # powerofthemind1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000522; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|powerofthemind1|04|ddns|03|net"; nocase; ) # pradahandbagsshoes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000523; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pradahandbagsshoes|03|com"; nocase; ) # precueairtight.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000524; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|precueairtight|02|ru"; nocase; ) # princelarry.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000525; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|princelarry|04|ddns|03|net"; nocase; ) # processrep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000526; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|processrep|03|com"; nocase; ) # purvis-manager.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000527; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|purvis-manager|03|com"; nocase; ) # putesysae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000528; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|putesysae|03|com"; nocase; ) # q5ncv0dekcm8a1p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000529; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|q5ncv0dekcm8a1p|03|biz"; nocase; ) # q5w0g7cbcem8a1p.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000530; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|q5w0g7cbcem8a1p|03|biz"; nocase; ) # quality-shopper.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000531; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|quality-shopper|03|com"; nocase; ) # queryforworld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000532; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|queryforworld|03|com"; nocase; ) # quickboot.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000533; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|quickboot|04|info"; nocase; ) # quickdomainfwd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000534; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|quickdomainfwd|03|com"; nocase; ) # qvllupuqjknz5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000535; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|qvllupuqjknz5|03|com"; nocase; ) # qwertygontul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000536; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|qwertygontul|03|com"; nocase; ) # raceroom.ch [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000537; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|raceroom|02|ch"; nocase; ) # randomfruits.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000538; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|randomfruits|03|net"; nocase; ) # rapidlyserv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000539; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rapidlyserv|03|com"; nocase; ) # raydonovan2015.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000540; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|raydonovan2015|04|ddns|03|net"; nocase; ) # realy.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000541; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|realy|04|mooo|03|com"; nocase; ) # redbluffchamber.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000542; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|redbluffchamber|03|com"; nocase; ) # redlrect-403av.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000543; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|redlrect-403av|03|com"; nocase; ) # redwithtertreb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000544; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|redwithtertreb|02|ru"; nocase; ) # regcon-asia.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000545; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|regcon-asia|02|kz"; nocase; ) # renrefhedked.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000546; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|renrefhedked|02|ru"; nocase; ) # renwitedrom.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000547; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|renwitedrom|02|ru"; nocase; ) # repherfeted.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000548; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|repherfeted|03|com"; nocase; ) # restavratormira.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000549; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|restavratormira|02|ru"; nocase; ) # reswahatce.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000550; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|reswahatce|02|ru"; nocase; ) # ricesmart.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000551; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ricesmart|03|com"; nocase; ) # rnil.am [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000552; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|rnil|02|am"; nocase; ) # rocaexesti.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000553; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|rocaexesti|04|ddns|03|net"; nocase; ) # rofhanrighhen.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000554; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|rofhanrighhen|02|ru"; nocase; ) # roshanavar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000555; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|roshanavar|03|com"; nocase; ) # roshav5xxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000556; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|roshav5xxx|03|com"; nocase; ) # rubiccrum.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000557; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|rubiccrum|03|com"; nocase; ) # runaie7s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000558; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|runaie7s|03|com"; nocase; ) # sacs-vetements-techniques.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000559; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|sacs-vetements-techniques|03|com"; nocase; ) # samuel-volke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000560; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|samuel-volke|03|com"; nocase; ) # savmpet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000561; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|savmpet|03|com"; nocase; ) # scara124.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000562; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|scara124|03|com"; nocase; ) # scolapedia.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000563; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|scolapedia|03|org"; nocase; ) # scpkrp.gmx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000564; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|scpkrp|03|gmx"; nocase; ) # sdfochekvovu4.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000565; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sdfochekvovu4|02|ga"; nocase; ) # seasonunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000566; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|seasonunderstand|03|net"; nocase; ) # sec-enhanced.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000567; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|sec-enhanced|03|org"; nocase; ) # securedtonnel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000568; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|securedtonnel|03|net"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # sefan.az [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000569; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|sefan|02|az"; nocase; ) # sek-sociology.gr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000570; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sek-sociology|02|gr"; nocase; ) # selkrom.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000571; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|selkrom|04|ddns|03|net"; nocase; ) # sells-store.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000572; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sells-store|03|com"; nocase; ) # seouldhaka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000573; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|seouldhaka|03|com"; nocase; ) # serbiotecnicos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000574; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|serbiotecnicos|03|com"; nocase; ) # serch.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000575; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|serch|04|vicp|03|net"; nocase; ) # seronet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000576; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|seronet|03|com"; nocase; ) # service-logins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000577; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|service-logins|03|com"; nocase; ) # sestoreinv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000578; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|sestoreinv|03|com"; nocase; ) # seven-sky.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000579; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|seven-sky|03|org"; nocase; ) # sfcorporation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000580; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sfcorporation|03|com"; nocase; ) # shahcsxkszx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000581; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|shahcsxkszx|03|com"; nocase; ) # sharedquestdo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000582; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sharedquestdo|03|net"; nocase; ) # shenron.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000583; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|shenron|02|su"; nocase; ) # shinkhek.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000584; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|shinkhek|04|myfw|02|us"; nocase; ) # shoppingkopi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000585; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|shoppingkopi|03|com"; nocase; ) # shrook.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000586; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|shrook|04|mooo|03|com"; nocase; ) # shyouth.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000587; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|shyouth|03|org"; nocase; ) # sixt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000588; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|sixt|03|com"; nocase; ) # smallconfigs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000589; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|smallconfigs|03|com"; nocase; ) # smigroup-online.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000590; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|smigroup-online|02|co|02|uk"; nocase; ) # softinc.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000591; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|softinc|02|pw"; nocase; ) # softjohn.ddns.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000592; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|softjohn|04|ddns|02|us"; nocase; ) # softmy.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000593; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|softmy|04|jkub|03|com"; nocase; ) # solicitorsassociates.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000594; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|solicitorsassociates|03|org"; nocase; ) # srut12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000595; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|srut12|03|com"; nocase; ) # ssl-vaeit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000596; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ssl-vaeit|03|com"; nocase; ) # stafftest.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000597; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|stafftest|02|ru"; nocase; ) # stat777-toolbarueries-google.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000598; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1c|stat777-toolbarueries-google|03|com"; nocase; ) # state-bicycle.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000599; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|state-bicycle|03|com"; nocase; ) # store-legal.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000600; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|store-legal|03|biz"; nocase; ) # stovelall.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000601; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|stovelall|03|com"; nocase; ) # streetunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000602; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|streetunderstand|03|net"; nocase; ) # sunibi.se [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000603; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|sunibi|02|se"; nocase; ) # superzhopper.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000604; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|superzhopper|03|com"; nocase; ) # suporteonlinesicredi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000605; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|suporteonlinesicredi|03|com"; nocase; ) # svchost-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000606; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|svchost-check|03|com"; nocase; ) # sykavovalohzz.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000607; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sykavovalohzz|02|ga"; nocase; ) # synclock.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000608; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|synclock|04|info"; nocase; ) # t3rr0r.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000609; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|t3rr0r|04|ddns|03|net"; nocase; ) # teamrewardz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000610; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|teamrewardz|03|com"; nocase; ) # teknation-brighttube-zoomtag.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000611; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1c|teknation-brighttube-zoomtag|03|net"; nocase; ) # terethaundv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000612; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|terethaundv|02|ru"; nocase; ) # thaibtxtnation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000613; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|thaibtxtnation|03|com"; nocase; ) # thenavodayaacademy.edu.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000614; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|thenavodayaacademy|03|edu|02|in"; nocase; ) # thenjechap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000615; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|thenjechap|03|com"; nocase; ) # tibetanculture.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000616; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|tibetanculture|03|org"; nocase; ) # tiiztm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000617; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|tiiztm|03|com"; nocase; ) # timechk11.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000618; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk11|03|com"; nocase; ) # timechk11.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000619; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk11|03|org"; nocase; ) # timechk16.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000620; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk16|03|com"; nocase; ) # timechk19.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000621; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk19|03|com"; nocase; ) # timechk19.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000622; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk19|03|org"; nocase; ) # timechk2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000623; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk2|03|net"; nocase; ) # timechk2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000624; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk2|03|org"; nocase; ) # timechk20.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000625; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk20|03|net"; nocase; ) # timechk20.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000626; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk20|03|org"; nocase; ) # timechk21.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000627; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk21|03|org"; nocase; ) # timechk24.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000628; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk24|03|com"; nocase; ) # timechk24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000629; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk24|03|net"; nocase; ) # timechk25.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000630; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk25|03|net"; nocase; ) # timechk25.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000631; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk25|03|org"; nocase; ) # timechk26.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000632; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk26|03|org"; nocase; ) # timechk27.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000633; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk27|03|net"; nocase; ) # timechk29.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000634; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk29|03|org"; nocase; ) # timechk3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000635; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk3|03|net"; nocase; ) # timechk4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000636; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk4|03|net"; nocase; ) # timechk4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000637; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk4|03|org"; nocase; ) # timechk6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000638; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk6|03|com"; nocase; ) # timechk7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000639; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk7|03|net"; nocase; ) # timechk8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000640; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk8|03|com"; nocase; ) # timechk9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000641; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk9|03|net"; nocase; ) # timelywebsitehostesses.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000642; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|timelywebsitehostesses|03|com"; nocase; ) # tiptoptours.com.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000643; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|tiptoptours|03|com|02|hk"; nocase; ) # tisone360.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000644; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tisone360|03|org"; nocase; ) # tkprinter.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000645; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tkprinter|03|com"; nocase; ) # toldontinwi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000646; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|toldontinwi|02|ru"; nocase; ) # tonda.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000647; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|tonda|02|tk"; nocase; ) # top1-seo-service.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000648; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|top1-seo-service|03|com"; nocase; ) # topnotchtennistours.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000649; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|topnotchtennistours|03|com"; nocase; ) # tpalmer1955.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000650; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|tpalmer1955|04|ddns|03|net"; nocase; ) # tptravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000651; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|tptravel|03|net"; nocase; ) # tradebroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000652; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|tradebroad|03|net"; nocase; ) # traffic-spot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000653; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|traffic-spot|03|com"; nocase; ) # traider-pro.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000654; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|traider-pro|03|com"; nocase; ) # trash4docs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000655; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|trash4docs|03|com"; nocase; ) # travel-maps.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000656; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|travel-maps|04|info"; nocase; ) # treeeww.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000657; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|treeeww|02|co|02|vu"; nocase; ) # trksrv.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000658; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|trksrv|02|su"; nocase; ) # trueadsworld.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000659; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|trueadsworld|02|in"; nocase; ) # trusplus.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000660; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|trusplus|04|ddns|03|net"; nocase; ) # tsgoogoo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000661; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|tsgoogoo|03|net"; nocase; ) # ttteco.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000662; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ttteco|04|vicp|03|net"; nocase; ) # tubiebikceli.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000663; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tubiebikceli|04|ddns|03|net"; nocase; ) # tumanimoskal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000664; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tumanimoskal|03|com"; nocase; ) # tvnew.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000665; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|tvnew|04|otzo|03|com"; nocase; ) # twitterbug-flashpedia-skipster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000666; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1e|twitterbug-flashpedia-skipster|03|net"; nocase; ) # tychebruke.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000667; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|tychebruke|03|com"; nocase; ) # ubaoyouxiang.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000668; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ubaoyouxiang|04|gicp|03|net"; nocase; ) # ubeisyavovapls.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000669; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ubeisyavovapls|02|ga"; nocase; ) # ubeisyavovapls.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000670; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ubeisyavovapls|02|ml"; nocase; ) # ucsauhdune.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000671; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ucsauhdune|04|ddns|03|net"; nocase; ) # udaore.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000672; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|udaore|03|com"; nocase; ) # ughimsinna.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000673; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ughimsinna|02|ru"; nocase; ) # ughwagerew.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000674; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ughwagerew|02|ru"; nocase; ) # uhrixaloduuse.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000675; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|uhrixaloduuse|04|ddns|03|net"; nocase; ) # uicahmahadhifa-twekzlibz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000676; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|uicahmahadhifa-twekzlibz|03|com"; nocase; ) # uisoa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000677; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|uisoa|03|com"; nocase; ) # undvemofo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000678; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|undvemofo|02|ru"; nocase; ) # unisers.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000679; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|unisers|03|com"; nocase; ) # unwashedsound.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000680; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|unwashedsound|03|com"; nocase; ) # uowcvvknkrtipj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000681; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|uowcvvknkrtipj|03|com"; nocase; ) # up.uae.kim [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000682; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|up|03|uae|03|kim"; nocase; ) # update-genuine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000683; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|update-genuine|03|com"; nocase; ) # updatewindowsplayer.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000684; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|updatewindowsplayer|02|ga"; nocase; ) # urgalxjef.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000685; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|urgalxjef|03|com"; nocase; ) # us-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000686; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|us-update|03|com"; nocase; ) # utwithdehan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000687; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|utwithdehan|03|com"; nocase; ) # uwuhuhawidb.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000688; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|uwuhuhawidb|04|ddns|03|net"; nocase; ) # vassabgg.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000689; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|vassabgg|02|pw"; nocase; ) # vdrygvovanemydak55.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000690; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak55|02|tk"; nocase; ) # vdrygvovanemydak77.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000691; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak77|02|gq"; nocase; ) # vdrygvovanemydak77.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000692; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak77|02|tk"; nocase; ) # vectallies.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000693; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|vectallies|03|org"; nocase; ) # vellyboyz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000694; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|vellyboyz|03|com"; nocase; ) # vendorboltasticrobust.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000695; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|vendorboltasticrobust|03|net"; nocase; ) # veronefosof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000696; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|veronefosof|03|com"; nocase; ) # versionfive.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000697; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|versionfive|04|ddns|03|net"; nocase; ) # veslike.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000698; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|veslike|03|com"; nocase; ) # videoskype24.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000699; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|videoskype24|02|ru"; nocase; ) # viewror.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000700; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|viewror|03|com"; nocase; ) # vkcom100i.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000701; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|vkcom100i|02|ru"; nocase; ) # vlinkz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000702; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|vlinkz|03|com"; nocase; ) # vo55nehuevotak.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000703; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vo55nehuevotak|02|ga"; nocase; ) # vovapizdadolboebgh.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000704; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapizdadolboebgh|02|ml"; nocase; ) # vovapro100gandon23.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000705; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapro100gandon23|02|ga"; nocase; ) # vovapro100gandon23.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000706; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapro100gandon23|02|tk"; nocase; ) # voveholodnozimoi.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000707; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|voveholodnozimoi|02|cf"; nocase; ) # vovenehuevotak.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000708; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|ml"; nocase; ) # vovenehuevotak.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000709; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|tk"; nocase; ) # vovewegdfnozimoi.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000710; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovewegdfnozimoi|02|ga"; nocase; ) # vxmsrlsanrcilyb7o.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000711; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vxmsrlsanrcilyb7o|03|com"; nocase; ) # waeservices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000712; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|waeservices|03|com"; nocase; ) # wangluoruanjian.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000713; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|wangluoruanjian|03|com"; nocase; ) # watertrouble.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000714; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|watertrouble|03|net"; nocase; ) # web.fe.up.pt [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000715; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|web|02|fe|02|up|02|pt"; nocase; ) # webcodepremium.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000716; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|webcodepremium|03|com"; nocase; ) # webhop.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000717; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|webhop|03|net"; nocase; ) # webmailsvr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000718; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|webmailsvr|03|com"; nocase; ) # webuysupplystore.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000719; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|webuysupplystore|04|mooo|03|com"; nocase; ) # weksrubaz.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000720; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|weksrubaz|02|ru"; nocase; ) # wewateikho.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000721; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|wewateikho|04|ddns|03|net"; nocase; ) # whereareyoumyfriendff.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000722; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|whereareyoumyfriendff|03|com"; nocase; ) # whoismistergreen.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000723; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|whoismistergreen|03|com"; nocase; ) # wicked2016tour.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000724; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|wicked2016tour|03|com"; nocase; ) # wiki-vaeit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000725; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|wiki-vaeit|03|com"; nocase; ) # windows-genuine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000726; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|windows-genuine|03|com"; nocase; ) # windows-spywarealert-cucwmpxvlfqfo2lpxgapsmccuy1yflsnjvtme.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000727; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|3a|windows-spywarealert-cucwmpxvlfqfo2lpxgapsmccuy1yflsnjvtme|02|co"; nocase; ) # windowscheckupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000728; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|windowscheckupdate|03|com"; nocase; ) # windowssecurityupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000729; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|windowssecurityupdate|03|com"; nocase; ) # windowsupdateserver.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000730; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|windowsupdateserver|03|com"; nocase; ) # winfertrow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000731; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|winfertrow|03|com"; nocase; ) # winupdateos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000732; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|winupdateos|03|com"; nocase; ) # woevenglaref.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000733; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|woevenglaref|02|ru"; nocase; ) # worldairpost.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000734; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|worldairpost|03|net"; nocase; ) # worldmaprsh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000735; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|worldmaprsh|03|com"; nocase; ) # wucy08.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000736; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|wucy08|04|eicp|03|net"; nocase; ) # xezikalanre.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000737; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|xezikalanre|03|com"; nocase; ) # xinxin20080628.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000738; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|xinxin20080628|04|gicp|03|net"; nocase; ) # xlivehost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000739; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xlivehost|03|com"; nocase; ) # xponlineupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000740; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|xponlineupdate|03|com"; nocase; ) # xqirefjyjkcn7u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000741; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|xqirefjyjkcn7u|03|com"; nocase; ) # xxxpvideo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000742; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xxxpvideo|03|com"; nocase; ) # yahoo-profiles.uk.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000743; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|yahoo-profiles|02|uk|02|to"; nocase; ) # yo-analytics.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000744; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|yo-analytics|03|com"; nocase; ) # ysaletoos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000745; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ysaletoos|03|com"; nocase; ) # ysims.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000746; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ysims|03|com"; nocase; ) # yvtvvibsp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000747; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|yvtvvibsp|03|com"; nocase; ) # yyouporn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000748; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|yyouporn|03|org"; nocase; ) # yyyyyyyyyyyyyhyh.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000749; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|yyyyyyyyyyyyyhyh|02|co|02|vu"; nocase; ) # zabeir5374hnotvova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000750; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|zabeir5374hnotvova|02|tk"; nocase; ) # zabeirotvova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000751; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zabeirotvova|02|cf"; nocase; ) # zhonte.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000752; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|zhonte|03|org"; nocase; ) # zibond.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000753; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|zibond|03|com"; nocase; ) # zivva007.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000754; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zivva007|04|ddns|03|net"; nocase; ) # zmgsales.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000755; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zmgsales|03|com"; nocase; ) # ztopp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000756; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ztopp|03|org"; nocase; ) # zudgunsh.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000757; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zudgunsh|03|xyz"; nocase; ) # zumo-alibabs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000758; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zumo-alibabs|03|com"; nocase; ) # zvovapeterda1.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000759; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zvovapeterda1|02|ml"; nocase; ) # 1845realty.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000760; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|1845realty|03|com"; nocase; ) # 1uer3u9vttynxg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000761; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|1uer3u9vttynxg|03|com"; nocase; ) # 1x1te0o878iponovyja8m87.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000762; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|1x1te0o878iponovyja8m87|04|ddns|03|net"; nocase; ) # 24videotur.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000763; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|24videotur|02|in|02|ua"; nocase; ) # 2d7.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000764; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|2d7|03|xyz"; nocase; ) # 2kjb7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000765; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|2kjb7|03|net"; nocase; ) # 3dsecpay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000766; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|3dsecpay|03|com"; nocase; ) # 3h01.dwy.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000767; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|3h01|03|dwy|02|cc"; nocase; ) # 3hyun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000768; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|3hyun|03|com"; nocase; ) # 3jkd5papcfibqjwhipy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000769; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|3jkd5papcfibqjwhipy|04|ddns|03|net"; nocase; ) # 3tax5vmj3bep18uh5xmr5p5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000770; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|3tax5vmj3bep18uh5xmr5p5|04|ddns|03|net"; nocase; ) # 42k2b14.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000771; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|42k2b14|03|net"; nocase; ) # 500.uk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000772; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|500|02|uk|03|com"; nocase; ) # 50cr587t3fur5xy6yvw4kxg.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000773; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|50cr587t3fur5xy6yvw4kxg|04|ddns|03|net"; nocase; ) # 7619900.com.tw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000774; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|7619900|03|com|02|tw"; nocase; ) # 79fhdm16.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000775; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|79fhdm16|03|com"; nocase; ) # 7bhm30bbmuul5t7r.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000776; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|7bhm30bbmuul5t7r|02|cf"; nocase; ) # 9jafoodnews.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000777; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|9jafoodnews|03|com"; nocase; ) # a8377c5a7c390331b15c1df94fa745e38a.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000778; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|a8377c5a7c390331b15c1df94fa745e38a|02|to"; nocase; ) # aabbuhugyfdesxcvo.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000779; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|cf"; nocase; ) # aabbuhugyfdesxcvo.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000780; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|ga"; nocase; ) # aabbuhugyfdesxcvo.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000781; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|gq"; nocase; ) # aabbuhugyfdesxcvo.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000782; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|ml"; nocase; ) # aabbuhugyfdesxcvo.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000783; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabbuhugyfdesxcvo|02|tk"; nocase; ) # aabcgukomotredcxi.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000784; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabcgukomotredcxi|02|cf"; nocase; ) # aabdtuhugfredhoo.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000785; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aabdtuhugfredhoo|02|ga"; nocase; ) # aabeweddbhujkoge.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000786; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aabeweddbhujkoge|02|cf"; nocase; ) # aabeweddbhujkoge.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000787; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aabeweddbhujkoge|02|ml"; nocase; ) # aatradeshowconference.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000788; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|aatradeshowconference|03|net"; nocase; ) # abcdollar.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000789; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|abcdollar|04|mooo|03|com"; nocase; ) # abuhmaid.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000790; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|abuhmaid|03|net"; nocase; ) # ad-servicestats.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000791; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ad-servicestats|03|net"; nocase; ) # adawareblock.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000792; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|adawareblock|03|com"; nocase; ) # adeuplolo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000793; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|adeuplolo|03|org"; nocase; ) # adguard.name [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000794; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|adguard|04|name"; nocase; ) # adolfo196938.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000795; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|adolfo196938|04|ddns|03|net"; nocase; ) # adultvideonn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000796; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|adultvideonn|03|com"; nocase; ) # afkarehroshan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000797; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|afkarehroshan|03|com"; nocase; ) # againstarticle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000798; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|againstarticle|03|net"; nocase; ) # againstdried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000799; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|againstdried|03|net"; nocase; ) # aginemkiroacus.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000800; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|aginemkiroacus|04|ddns|03|net"; nocase; ) # ahalaymahalay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000801; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ahalaymahalay|03|com"; nocase; ) # ahbabe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000802; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ahbabe|03|com"; nocase; ) # ahlanmedicalcenter.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000803; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|ahlanmedicalcenter|03|com"; nocase; ) # ahyushkavovu.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000804; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ahyushkavovu|02|cf"; nocase; ) # ahyushkavovuzzz.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000805; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ahyushkavovuzzz|02|ga"; nocase; ) # ahyushkavovuzzz.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000806; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ahyushkavovuzzz|02|gq"; nocase; ) # akasiamas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000807; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|akasiamas|03|com"; nocase; ) # aktogaasdvnovova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000808; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|aktogaasdvnovova|02|tk"; nocase; ) # aktogavnovova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000809; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|ga"; nocase; ) # aktogavnovova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000810; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|tk"; nocase; ) # alexaspoteee.wha.la [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000811; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|alexaspoteee|03|wha|02|la"; nocase; ) # alexsinden.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000812; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|alexsinden|02|co|02|uk"; nocase; ) # allfirdawhippet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000813; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|allfirdawhippet|03|com"; nocase; ) # alsyriac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000814; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|alsyriac|03|com"; nocase; ) # amateurzootube.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000815; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|amateurzootube|03|com"; nocase; ) # aniamaljam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000816; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|aniamaljam|03|com"; nocase; ) # anster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000817; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|anster|03|net"; nocase; ) # aoldaily.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000818; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|aoldaily|03|com"; nocase; ) # ap5todifwjspqp78kxs0e8k.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000819; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|ap5todifwjspqp78kxs0e8k|04|ddns|03|net"; nocase; ) # apipiskavovu.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000820; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|apipiskavovu|02|cf"; nocase; ) # apipiskavovu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000821; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|apipiskavovu|02|tk"; nocase; ) # apipiskavovujgf.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000822; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|apipiskavovujgf|02|gq"; nocase; ) # apporistale.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000823; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|apporistale|03|com"; nocase; ) # appvz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000824; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|appvz|03|com"; nocase; ) # aquafresh.exe [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000825; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|aquafresh|03|exe"; nocase; ) # arabjostars.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000826; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|arabjostars|03|net"; nocase; ) # araishindiafoundation.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000827; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|araishindiafoundation|03|org"; nocase; ) # archimedus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000828; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|archimedus|03|com"; nocase; ) # arrrowelect.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000829; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|arrrowelect|03|com"; nocase; ) # arwahengo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000830; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|arwahengo|02|ru"; nocase; ) # aseaneco.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000831; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|aseaneco|03|org"; nocase; ) # aseanm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000832; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|aseanm|03|com"; nocase; ) # aslfnsdifhsfdsa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000833; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|aslfnsdifhsfdsa|03|com"; nocase; ) # assfdfrgfr.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000834; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|assfdfrgfr|02|co|02|vu"; nocase; ) # asthalproperties.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000835; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|asthalproperties|03|com"; nocase; ) # asus-service.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000836; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|asus-service|03|net"; nocase; ) # auvovumalenkiu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000837; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|auvovumalenkiu|02|ml"; nocase; ) # avdrygvovanemydak1.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000838; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|avdrygvovanemydak1|02|ml"; nocase; ) # avdrygvovanemydakaa.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000839; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakaa|02|ga"; nocase; ) # avdrygvovanemydakzz.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000840; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakzz|02|ga"; nocase; ) # avdrygvovanemydakzz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000841; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakzz|02|ml"; nocase; ) # avdrygvovanemydakzz3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000842; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|avdrygvovanemydakzz3|02|tk"; nocase; ) # avdrygvovanemyz88.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000843; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemyz88|02|cf"; nocase; ) # avdrygvovanemyz88.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000844; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemyz88|02|ga"; nocase; ) # avdrygvovanemyz88.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000845; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemyz88|02|ml"; nocase; ) # avovagomosek2.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000846; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|cf"; nocase; ) # avovakorova55.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000847; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovakorova55|02|ml"; nocase; ) # avovakusokgavnafg.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000848; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avovakusokgavnafg|02|ml"; nocase; ) # avovapeterda.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000849; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovapeterda|02|cf"; nocase; ) # avovapeterda.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000850; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovapeterda|02|ga"; nocase; ) # axs25xuo8c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000851; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|axs25xuo8c|03|com"; nocase; ) # azurf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000852; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|azurf|03|org"; nocase; ) # azvdrygvovanemyz.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000853; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|azvdrygvovanemyz|02|gq"; nocase; ) # baazsawetukovcsa.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000854; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|baazsawetukovcsa|02|gq"; nocase; ) # bajsbdhxhbpmmiwoe0.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000855; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|bajsbdhxhbpmmiwoe0|03|com"; nocase; ) # baomoi.vicp.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000856; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|baomoi|04|vicp|02|cc"; nocase; ) # bbc-press.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000857; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bbc-press|03|org"; nocase; ) # bbullgard.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000858; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bbullgard|04|ddns|03|net"; nocase; ) # bestsexpositions.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000859; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|bestsexpositions|03|com"; nocase; ) # betterbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000860; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|betterbutter|03|net"; nocase; ) # bettun.com.ar [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000861; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|bettun|03|com|02|ar"; nocase; ) # bijiaexhibition.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000862; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|bijiaexhibition|03|com"; nocase; ) # binjer.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000863; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|binjer|03|org"; nocase; ) # biocpl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000864; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|biocpl|03|org"; nocase; ) # bizzduniya.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000865; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|bizzduniya|03|com"; nocase; ) # blazinhosting.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000866; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|blazinhosting|03|net"; nocase; ) # bloombergloop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000867; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|bloombergloop|03|biz"; nocase; ) # blyavovarealnogavno.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000868; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|blyavovarealnogavno|02|cf"; nocase; ) # blyavovarealnogavno.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000869; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|blyavovarealnogavno|02|ga"; nocase; ) # boblaktto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000870; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|boblaktto|03|com"; nocase; ) # boch256on1okvovu.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000871; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|cf"; nocase; ) # boch256on1okvovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000872; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|gq"; nocase; ) # boganytuvovaiga.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000873; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|boganytuvovaiga|02|ga"; nocase; ) # bogenyvovailoh.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000874; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bogenyvovailoh|02|cf"; nocase; ) # bogenyvovailoh.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000875; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bogenyvovailoh|02|tk"; nocase; ) # bogev3ovaneu3dac3hnik.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000876; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|bogev3ovaneu3dac3hnik|02|ml"; nocase; ) # bogevovaneudachnik.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000877; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|bogevovaneudachnik|02|gq"; nocase; ) # bongoprom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000878; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bongoprom|03|com"; nocase; ) # bookmyname.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000879; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|bookmyname|03|com"; nocase; ) # bracino.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000880; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|bracino|03|org"; nocase; ) # brnlv-gv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000881; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|brnlv-gv|02|eu"; nocase; ) # buynewes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000882; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|buynewes|03|com"; nocase; ) # bvovapeterda.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000883; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bvovapeterda|02|cf"; nocase; ) # bvovapeterdass.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000884; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bvovapeterdass|02|tk"; nocase; ) # caidongrong.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000885; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|caidongrong|03|com"; nocase; ) # captainarticle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000886; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|captainarticle|03|net"; nocase; ) # catnew4u.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000887; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|catnew4u|04|work"; nocase; ) # ccid.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000888; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|ccid|04|mooo|03|com"; nocase; ) # cfud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000889; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|cfud|03|biz"; nocase; ) # chackpoint.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000890; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|chackpoint|02|ua"; nocase; ) # claimsback.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000891; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|claimsback|02|eu"; nocase; ) # clientalalaxp.mn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000892; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|clientalalaxp|02|mn"; nocase; ) # coalvi-cms.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000893; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|coalvi-cms|03|com"; nocase; ) # cockblockingwhorecuntsnow.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000894; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|cockblockingwhorecuntsnow|02|ru"; nocase; ) # cognacbrown.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000895; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|cognacbrown|02|co|02|uk"; nocase; ) # consumers-opinion.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000896; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|consumers-opinion|03|com"; nocase; ) # continental-transitmail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000897; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|continental-transitmail|03|com"; nocase; ) # courageuni.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000898; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|courageuni|03|org"; nocase; ) # cprnash.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000899; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|cprnash|03|com"; nocase; ) # creativetrackers.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000900; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|creativetrackers|03|biz"; nocase; ) # crgchamber.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000901; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|crgchamber|03|com"; nocase; ) # cvovapeterda.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000902; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cvovapeterda|02|cf"; nocase; ) # cvovapeterdaga.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000903; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|cvovapeterdaga|02|cf"; nocase; ) # cyber-peace.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000904; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|cyber-peace|03|org"; nocase; ) # daaserthupo.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000905; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daaserthupo|02|ml"; nocase; ) # dabuhutregl.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000906; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dabuhutregl|02|ml"; nocase; ) # dabuhutregl.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000907; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dabuhutregl|02|tk"; nocase; ) # dailyinfonews.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000908; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|dailyinfonews|03|net"; nocase; ) # dataspotlight.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000909; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|dataspotlight|03|net"; nocase; ) # deadfishup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000910; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|deadfishup|03|com"; nocase; ) # decidedried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000911; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|decidedried|03|net"; nocase; ) # decorstal.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000912; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|decorstal|02|pl"; nocase; ) # defaulttab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000913; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|defaulttab|03|com"; nocase; ) # delishop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000914; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|delishop|03|org"; nocase; ) # deohupivoco.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000915; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|deohupivoco|04|ddns|03|net"; nocase; ) # deshi.sex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000916; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|deshi|03|sex|03|com"; nocase; ) # det-sad-89.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000917; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|det-sad-89|02|ru"; nocase; ) # dippyasociados.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000918; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dippyasociados|03|com"; nocase; ) # directv-login.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000919; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|directv-login|04|info"; nocase; ) # divathemes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000920; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|divathemes|03|com"; nocase; ) # djdkduep62kz4nzx.onion.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000921; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|djdkduep62kz4nzx|05|onion|02|to"; nocase; ) # djuefehff.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000922; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|djuefehff|02|eu"; nocase; ) # dkilograzmvovuf3.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000923; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dkilograzmvovuf3|02|cf"; nocase; ) # dkilograzmvovuf3.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000924; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dkilograzmvovuf3|02|ga"; nocase; ) # dljedue.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000925; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dljedue|02|eu"; nocase; ) # dll-host-udate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000926; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dll-host-udate|03|com"; nocase; ) # dll-host-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000927; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|dll-host-update|03|com"; nocase; ) # dnslocation.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000928; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dnslocation|04|info"; nocase; ) # dnsmm.bpa.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000929; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|dnsmm|03|bpa|02|nu"; nocase; ) # document-fast-cloud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000930; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|document-fast-cloud|03|com"; nocase; ) # documentsecurestorage.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000931; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|documentsecurestorage|03|com"; nocase; ) # domob-inc.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000932; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|domob-inc|02|cn"; nocase; ) # dontrplay.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000933; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dontrplay|02|tk"; nocase; ) # dotnetexplorer.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000934; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dotnetexplorer|04|info"; nocase; ) # dowelsobject.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000935; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|dowelsobject|03|com"; nocase; ) # downloadsservers.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000936; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|downloadsservers|03|com"; nocase; ) # driblokan.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000937; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|driblokan|03|net"; nocase; ) # drinkallsport.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000938; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drinkallsport|03|com"; nocase; ) # drivers-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000939; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drivers-check|03|com"; nocase; ) # drivers-get.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000940; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|drivers-get|03|com"; nocase; ) # drivers-update-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000941; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|drivers-update-online|03|com"; nocase; ) # drivers.drp.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000942; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|drivers|03|drp|02|su"; nocase; ) # drivres-update.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000943; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|drivres-update|04|info"; nocase; ) # droveassociates.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000944; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|droveassociates|04|info"; nocase; ) # drygvovanemyd.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000945; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemyd|02|cf"; nocase; ) # drygvovanemyd.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000946; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemyd|02|ga"; nocase; ) # drygvovanemyd.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000947; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemyd|02|ml"; nocase; ) # drygvovanemyda4.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000948; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|drygvovanemyda4|02|gq"; nocase; ) # dsaj2a.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000949; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|dsaj2a|03|com"; nocase; ) # dudmachineonto.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000950; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dudmachineonto|02|ru"; nocase; ) # dvmdownload.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000951; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dvmdownload|03|net"; nocase; ) # dydx69.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000952; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|dydx69|04|ddns|03|net"; nocase; ) # e4w6irqxcj5p78c.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000953; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|e4w6irqxcj5p78c|04|ddns|03|net"; nocase; ) # e8b1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000954; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|e8b1|02|tk"; nocase; ) # eaglesey.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000955; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|eaglesey|03|com"; nocase; ) # eatuo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000956; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|eatuo|03|com"; nocase; ) # echotec.asia [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000957; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|echotec|04|asia"; nocase; ) # ecloud86.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000958; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ecloud86|03|com"; nocase; ) # ecloud87.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000959; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ecloud87|03|com"; nocase; ) # ecloud91.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000960; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ecloud91|03|com"; nocase; ) # ecoh.oicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000961; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|ecoh|04|oicp|03|net"; nocase; ) # economy.spdns.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000962; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|economy|05|spdns|02|de"; nocase; ) # ed3qy5yioryitoturysuiu.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000963; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|ed3qy5yioryitoturysuiu|04|otzo|03|com"; nocase; ) # edbaxterretail.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000964; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|edbaxterretail|02|co|02|uk"; nocase; ) # ediphis.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000965; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|ediphis|02|fr"; nocase; ) # eholidays.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000966; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|eholidays|04|mooo|03|com"; nocase; ) # electricbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000967; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|electricbehind|03|net"; nocase; ) # electricbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000968; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|electricbutter|03|net"; nocase; ) # elicina.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000969; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|elicina|02|kz"; nocase; ) # ellismikepage.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000970; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ellismikepage|04|info"; nocase; ) # elorfans2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000971; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans2|03|com"; nocase; ) # elorfans3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000972; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans3|03|com"; nocase; ) # eltisc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000973; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|eltisc|03|net"; nocase; ) # email-market.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000974; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|email-market|02|ml"; nocase; ) # enisa-europa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000975; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|enisa-europa|03|com"; nocase; ) # envios-luno-sl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000976; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|envios-luno-sl|03|com"; nocase; ) # epicunitscan.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000977; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|epicunitscan|04|info"; nocase; ) # ermuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000978; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ermuz|03|com"; nocase; ) # esrioterf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000979; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|esrioterf|03|com"; nocase; ) # exploraromundo.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000980; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|exploraromundo|03|com|02|br"; nocase; ) # explorerdotnt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000981; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|explorerdotnt|04|info"; nocase; ) # expuytgh.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000982; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|expuytgh|02|eu"; nocase; ) # factorygood.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000983; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|factorygood|03|net"; nocase; ) # familie-dr-hild.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000984; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|familie-dr-hild|02|de"; nocase; ) # fastestever.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000985; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|fastestever|03|net"; nocase; ) # fcobook.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000986; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|fcobook|03|com"; nocase; ) # fdestrnounor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000987; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|fdestrnounor|03|com"; nocase; ) # feredac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000988; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|feredac|03|com"; nocase; ) # ferko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000989; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ferko|03|org"; nocase; ) # fgfhbgdtgfhbdtghf.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000990; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|fgfhbgdtgfhbdtghf|02|co|02|vu"; nocase; ) # fgfsgfsgfsgfs.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000991; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|fgfsgfsgfsgfs|02|co|02|vu"; nocase; ) # fgrfgrdetret.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000992; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|fgrfgrdetret|02|co|02|vu"; nocase; ) # fifibabok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000993; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fifibabok|03|com"; nocase; ) # fighhard.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000994; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fighhard|04|mooo|03|com"; nocase; ) # fileblckr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000995; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fileblckr|03|com"; nocase; ) # film17tahun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000996; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|film17tahun|03|com"; nocase; ) # filmver.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000997; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|filmver|03|com"; nocase; ) # fimzusoln.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000998; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fimzusoln|02|ru"; nocase; ) # finder777.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000000999; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|finder777|03|com"; nocase; ) # flash-vip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001000; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|flash-vip|03|com"; nocase; ) # flierbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001001; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|flierbroad|03|net"; nocase; ) # flierbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001002; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|flierbutter|03|net"; nocase; ) # fliparray.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001003; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fliparray|03|com"; nocase; ) # flushdns.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001004; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|flushdns|04|info"; nocase; ) # flushupate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001005; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|flushupate|03|com"; nocase; ) # fohenroprab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001006; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|fohenroprab|03|com"; nocase; ) # forgotten-deals.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001007; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|forgotten-deals|03|com"; nocase; ) # formsupdates.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001008; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|formsupdates|04|info"; nocase; ) # foroushi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001009; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|foroushi|03|net"; nocase; ) # frejabe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001010; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|frejabe|03|com"; nocase; ) # friendorenemy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001011; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|friendorenemy|03|biz"; nocase; ) # frontpage.dhis.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001012; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|frontpage|04|dhis|03|org"; nocase; ) # frookze.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001013; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|frookze|04|ddns|03|net"; nocase; ) # ftdeveloppromo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001014; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ftdeveloppromo|03|com"; nocase; ) # fteoplle.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001015; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fteoplle|02|co|02|vu"; nocase; ) # funnyinvoiceorg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001016; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|funnyinvoiceorg|03|com"; nocase; ) # g-a.paris [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001017; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|g-a|05|paris"; nocase; ) # g1osp1odin1ytui1dayn1vova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001018; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|g1osp1odin1ytui1dayn1vova|02|ga"; nocase; ) # gamani0001.url.ph [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001019; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|gamani0001|03|url|02|ph"; nocase; ) # gamecheck432.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001020; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gamecheck432|04|mooo|03|com"; nocase; ) # garbux.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001021; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|garbux|03|com"; nocase; ) # gatherbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001022; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|gatherbroad|03|net"; nocase; ) # gatherbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001023; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gatherbutter|03|net"; nocase; ) # gatherunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001024; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|gatherunderstand|03|net"; nocase; ) # gavnuwkavova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001025; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|gq"; nocase; ) # gayzoosex.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001026; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|gayzoosex|03|net"; nocase; ) # gbbond.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001027; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gbbond|03|com"; nocase; ) # gds520.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001028; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gds520|03|com"; nocase; ) # gecoohocalifluw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001029; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gecoohocalifluw|04|ddns|03|net"; nocase; ) # geevheuqsemaif.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001030; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|geevheuqsemaif|04|ddns|03|net"; nocase; ) # gelun-posak.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001031; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|gelun-posak|03|com"; nocase; ) # genuineservicecheck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001032; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|genuineservicecheck|03|com"; nocase; ) # gislat2for8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001033; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|gislat2for8|03|com"; nocase; ) # giveitalltheresqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001034; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|giveitalltheresqq|03|com"; nocase; ) # gladi-toriusa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001035; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|gladi-toriusa|03|com"; nocase; ) # glassesftous.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001036; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|glassesftous|03|com"; nocase; ) # globalmailru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001037; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|globalmailru|03|com"; nocase; ) # goihang.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001038; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|goihang|04|vicp|03|net"; nocase; ) # goldadpremium.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001039; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|goldadpremium|03|com"; nocase; ) # golokird.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001040; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|golokird|03|com"; nocase; ) # goodmongol.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001041; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|goodmongol|03|com"; nocase; ) # goodugojps.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001042; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|goodugojps|03|com"; nocase; ) # google-adsens.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001043; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|google-adsens|03|com"; nocase; ) # google-ana1ytics.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001044; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|google-ana1ytics|03|com"; nocase; ) # googlecombq6xx.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001045; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|googlecombq6xx|04|ddns|03|net"; nocase; ) # googleproductupdate.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001046; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|googleproductupdate|03|net"; nocase; ) # gospodinytuidaynvova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001047; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|gospodinytuidaynvova|02|gq"; nocase; ) # govdelivery.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001048; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|govdelivery|03|com"; nocase; ) # gowin7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001049; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gowin7|03|com"; nocase; ) # greateplan.ocry.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001050; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|greateplan|04|ocry|03|com"; nocase; ) # greta.ikwb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001051; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|greta|04|ikwb|03|com"; nocase; ) # gtfoods.com.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001052; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|gtfoods|03|com|02|ru"; nocase; ) # gujarat-overseas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001053; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|gujarat-overseas|03|com"; nocase; ) # gwas.perl.sh [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001054; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|gwas|04|perl|02|sh"; nocase; ) # h3yiloavovka.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001055; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|h3yiloavovka|02|ga"; nocase; ) # haaxicuconx.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001056; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|haaxicuconx|04|ddns|03|net"; nocase; ) # hackmakers.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001057; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|hackmakers|04|ddns|03|net"; nocase; ) # haerbugoviosmu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001058; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|haerbugoviosmu|04|ddns|03|net"; nocase; ) # havakhosh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001059; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|havakhosh|03|com"; nocase; ) # healthslie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001060; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|healthslie|03|com"; nocase; ) # hellmaza.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001061; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|hellmaza|03|com"; nocase; ) # hetonshanver.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001062; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hetonshanver|02|ru"; nocase; ) # historybeside.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001063; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|historybeside|03|net"; nocase; ) # hogangreece.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001064; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hogangreece|03|com"; nocase; ) # hokydisma.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001065; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hokydisma|03|xyz"; nocase; ) # holisak-tasek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001066; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|holisak-tasek|03|com"; nocase; ) # holodpvovocs4hka23.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001067; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|ml"; nocase; ) # holodpvovocs4hka23.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001068; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|holodpvovocs4hka23|02|tk"; nocase; ) # horologecom.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001069; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|horologecom|03|net"; nocase; ) # hostns222777.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001070; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hostns222777|03|com"; nocase; ) # hotmailcontact.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001071; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|hotmailcontact|03|net"; nocase; ) # hufuqzyilaru.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001072; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hufuqzyilaru|02|kz"; nocase; ) # hunoikuxibi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001073; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hunoikuxibi|04|ddns|03|net"; nocase; ) # huoxu.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001074; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|huoxu|02|me"; nocase; ) # hyhyhyhrtgrt.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001075; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|hyhyhyhrtgrt|02|co|02|vu"; nocase; ) # hysotasl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001076; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|hysotasl|03|com"; nocase; ) # iamthewinnerhere.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001077; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|iamthewinnerhere|03|com"; nocase; ) # ibc4d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001078; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ibc4d|03|com"; nocase; ) # icecloud.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001079; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|icecloud|03|biz"; nocase; ) # iequemagnusbucks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001080; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|iequemagnusbucks|03|com"; nocase; ) # img02.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001081; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|img02|04|mooo|03|com"; nocase; ) # in-iapple.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001082; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|in-iapple|03|org"; nocase; ) # ineltdriver.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001083; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|ineltdriver|03|com"; nocase; ) # inf1nix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001084; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|inf1nix|03|com"; nocase; ) # info.imly.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001085; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|info|04|imly|03|org"; nocase; ) # infofinaciale8h.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001086; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|infofinaciale8h|02|ru"; nocase; ) # infowinboth.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001087; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|infowinboth|04|ddns|03|net"; nocase; ) # inocnation.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001088; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|inocnation|03|com"; nocase; ) # intelsupport.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001089; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|intelsupport|03|net"; nocase; ) # internet-security2013.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001090; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|internet-security2013|03|com"; nocase; ) # intexpressform.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001091; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|intexpressform|03|com"; nocase; ) # invoicelibrary.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001092; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|invoicelibrary|03|com"; nocase; ) # invoiceseclib.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001093; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|invoiceseclib|03|com"; nocase; ) # iphonenewsd.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001094; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|iphonenewsd|02|co|02|vu"; nocase; ) # iqjlyjxplidpbbpuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001095; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|iqjlyjxplidpbbpuh|03|com"; nocase; ) # irishjuice.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001096; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|irishjuice|02|su"; nocase; ) # islandmetalworks.co.ke [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001097; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|islandmetalworks|02|co|02|ke"; nocase; ) # istinuskazat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001098; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|istinuskazat|03|com"; nocase; ) # it885.com.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001099; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|it885|03|com|02|cn"; nocase; ) # itemagic.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001100; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|itemagic|03|net"; nocase; ) # j0lodbsnafz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001101; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|j0lodbsnafz|03|com"; nocase; ) # jabruslan.noip.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001102; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|jabruslan|04|noip|02|me"; nocase; ) # jackropely.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001103; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|jackropely|03|org"; nocase; ) # japangmt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001104; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|japangmt|03|net"; nocase; ) # jaxgd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001105; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jaxgd|03|com"; nocase; ) # jhska.cable.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001106; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jhska|05|cable|02|nu"; nocase; ) # jimmymorisonguitars.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001107; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|jimmymorisonguitars|03|com"; nocase; ) # jnndj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001108; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jnndj|03|com"; nocase; ) # johnmiheventim.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001109; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|johnmiheventim|02|ru"; nocase; ) # juraganht.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001110; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|juraganht|03|com"; nocase; ) # justskill.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001111; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|justskill|02|su"; nocase; ) # k2aninsrc0mtqj3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001112; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|k2aninsrc0mtqj3|04|ddns|03|net"; nocase; ) # k2t6i2yeodm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001113; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|k2t6i2yeodm|03|biz"; nocase; ) # k3apriz4ylkaz.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001114; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|k3apriz4ylkaz|02|ga"; nocase; ) # kakoi5getulo5hvov5a.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001115; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|kakoi5getulo5hvov5a|02|ml"; nocase; ) # kakoigetulohvova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001116; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kakoigetulohvova|02|tk"; nocase; ) # kaprizylka.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001117; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaprizylka|02|gq"; nocase; ) # karlsadovnik75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001118; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|karlsadovnik75|03|com"; nocase; ) # karlsamochux2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001119; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|karlsamochux2|03|com"; nocase; ) # karlsasyxushee75.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001120; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|karlsasyxushee75|03|com"; nocase; ) # kazsdcktusvovu34.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001121; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kazsdcktusvovu34|02|ml"; nocase; ) # kazsdcktusvovu34.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001122; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|kazsdcktusvovu34|02|tk"; nocase; ) # kesedrathow.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001123; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|kesedrathow|02|ru"; nocase; ) # kiana.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001124; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|kiana|03|com"; nocase; ) # kilogramvovu.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001125; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|cf"; nocase; ) # kilogramvovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001126; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|gq"; nocase; ) # kilogramvovu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001127; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kilogramvovu|02|tk"; nocase; ) # klixoprend.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001128; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|klixoprend|03|com"; nocase; ) # kpddkeeded.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001129; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kpddkeeded|02|tk"; nocase; ) # krbewsoiitaciki2s.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001130; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|krbewsoiitaciki2s|03|com"; nocase; ) # kruptcy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001131; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|kruptcy|03|com"; nocase; ) # kysochekvovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001132; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kysochekvovu|02|ml"; nocase; ) # laminat-classen.by [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001133; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|laminat-classen|02|by"; nocase; ) # landors.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001134; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|landors|03|org"; nocase; ) # laptop-hub.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001135; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|laptop-hub|02|in"; nocase; ) # largeangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001136; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|largeangry|03|net"; nocase; ) # largebutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001137; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|largebutter|03|net"; nocase; ) # lasttrainforest.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001138; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|lasttrainforest|03|com"; nocase; ) # led3dddga4xgj44.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001139; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|led3dddga4xgj44|03|com"; nocase; ) # lehnjb.epac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001140; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|lehnjb|04|epac|02|to"; nocase; ) # letrasnick.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001141; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|letrasnick|03|com"; nocase; ) # letskype.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001142; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|letskype|03|net"; nocase; ) # lifehealthsanfrancisco2015.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001143; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1a|lifehealthsanfrancisco2015|03|com"; nocase; ) # lilydaleponyclub.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001144; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|lilydaleponyclub|03|com|02|au"; nocase; ) # linode.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001145; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|linode|03|com"; nocase; ) # lkdsjfdsd.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001146; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lkdsjfdsd|02|co|02|vu"; nocase; ) # lkjhgfdsa03.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001147; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|lkjhgfdsa03|03|xyz"; nocase; ) # loawelis.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001148; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|loawelis|03|org"; nocase; ) # login-osce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001149; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|login-osce|03|org"; nocase; ) # loliqooq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001150; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|loliqooq|04|ddns|03|net"; nocase; ) # longcold.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001151; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|longcold|03|net"; nocase; ) # lvzyjwj1fakh55i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001152; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|lvzyjwj1fakh55i|03|com"; nocase; ) # m2d4berdzej8x1o.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001153; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|m2d4berdzej8x1o|04|info"; nocase; ) # m2w9c4qaqdj8x1o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001154; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|m2w9c4qaqdj8x1o|03|net"; nocase; ) # mae2d2tejdt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001155; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mae2d2tejdt|04|info"; nocase; ) # magalyamaya.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001156; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|magalyamaya|04|mooo|03|com"; nocase; ) # malwarecheck.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001157; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|malwarecheck|04|info"; nocase; ) # manasjob.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001158; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|manasjob|03|com"; nocase; ) # manterinvoice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001159; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|manterinvoice|03|com"; nocase; ) # manushiyoga.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001160; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|manushiyoga|03|com"; nocase; ) # manydocsfastrack.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001161; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|manydocsfastrack|03|com"; nocase; ) # market155.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001162; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|market155|02|ru"; nocase; ) # marubir.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001163; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|marubir|03|com"; nocase; ) # masters-traffic.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001164; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|masters-traffic|03|com"; nocase; ) # mediacontent.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001165; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mediacontent|02|us"; nocase; ) # mediacontent3.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001166; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|mediacontent3|02|us"; nocase; ) # meevehdar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001167; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|meevehdar|03|com"; nocase; ) # mega5checker.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001168; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mega5checker|04|mooo|03|com"; nocase; ) # membermaster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001169; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|membermaster|03|net"; nocase; ) # memr.oxti.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001170; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|memr|04|oxti|03|org"; nocase; ) # metobmo.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001171; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|metobmo|03|xyz"; nocase; ) # microloule461softc1pol361.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001172; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|microloule461softc1pol361|03|com"; nocase; ) # microsoft-outlook.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001173; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|microsoft-outlook|03|org"; nocase; ) # microsoftactiveservices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001174; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|microsoftactiveservices|03|com"; nocase; ) # microsoftmiddleast.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001175; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|microsoftmiddleast|03|com"; nocase; ) # microsoftupdate.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001176; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|microsoftupdate|02|co|02|vu"; nocase; ) # microsoftwindowsresources.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001177; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|microsoftwindowsresources|03|com"; nocase; ) # mike0147.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001178; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mike0147|04|ddns|03|net"; nocase; ) # milsatcom.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001179; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|milsatcom|02|us"; nocase; ) # mind-finder.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001180; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mind-finder|03|com"; nocase; ) # mixedwork.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001181; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mixedwork|03|com"; nocase; ) # mlfjcjssl.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001182; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mlfjcjssl|04|gicp|03|net"; nocase; ) # mm523.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001183; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|mm523|03|net"; nocase; ) # mno80.dwy.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001184; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|mno80|03|dwy|02|cc"; nocase; ) # mno995.dwy.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001185; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|mno995|03|dwy|02|cc"; nocase; ) # mol-government.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001186; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|mol-government|03|com"; nocase; ) # monogera.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001187; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|monogera|03|com"; nocase; ) # moskalvtumane.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001188; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|moskalvtumane|03|com"; nocase; ) # ms-software-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001189; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|ms-software-check|03|com"; nocase; ) # ms-software-genuine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001190; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|ms-software-genuine|03|com"; nocase; ) # msgenuine.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001191; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|msgenuine|03|net"; nocase; ) # msnserver.ddns.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001192; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|msnserver|04|ddns|02|us"; nocase; ) # msonlinecheck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001193; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|msonlinecheck|03|com"; nocase; ) # msonlineget.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001194; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|msonlineget|03|com"; nocase; ) # mtrealm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001195; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|mtrealm|04|ddns|03|net"; nocase; ) # muarocavhaqe.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001196; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|muarocavhaqe|04|ddns|03|net"; nocase; ) # mydocumentsholder.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001197; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|mydocumentsholder|03|com"; nocase; ) # mymama.oicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001198; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|mymama|04|oicp|03|net"; nocase; ) # mystoredoc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001199; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mystoredoc|03|com"; nocase; ) # nabzerd.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001200; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nabzerd|02|co|02|vu"; nocase; ) # namille.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001201; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|namille|03|org"; nocase; ) # nasdaqblog.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001202; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nasdaqblog|03|net"; nocase; ) # neotoexplorechicago.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001203; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|neotoexplorechicago|03|net"; nocase; ) # new-driver-upgrade.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001204; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|new-driver-upgrade|03|com"; nocase; ) # neyetta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001205; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|neyetta|03|com"; nocase; ) # nightangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001206; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nightangry|03|net"; nocase; ) # ninghaprewrof.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001207; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ninghaprewrof|02|ru"; nocase; ) # nomeatea.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001208; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|nomeatea|05|space"; nocase; ) # noproblemslove.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001209; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|noproblemslove|03|com"; nocase; ) # notleftrofugh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001210; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|notleftrofugh|02|ru"; nocase; ) # novinitie.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001211; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|novinitie|03|com"; nocase; ) # np3.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001212; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|np3|04|jkub|03|com"; nocase; ) # nsa.gov [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001213; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|nsa|03|gov"; nocase; ) # nskupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001214; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|nskupdate|03|com"; nocase; ) # nt-windows-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001215; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|nt-windows-check|03|com"; nocase; ) # nt-windows-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001216; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nt-windows-online|03|com"; nocase; ) # nyrtazolas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001217; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nyrtazolas|03|com"; nocase; ) # nytuvo123vaigavno.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001218; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nytuvo123vaigavno|02|ga"; nocase; ) # nytuvo123vaigavno.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001219; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|nytuvo123vaigavno|02|gq"; nocase; ) # nytuvovaigavno.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001220; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|nytuvovaigavno|02|ml"; nocase; ) # o5dec1berdn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001221; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|o5dec1berdn|04|info"; nocase; ) # o5o8c1berdn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001222; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|o5o8c1berdn|03|net"; nocase; ) # oay4vbx7dfe8s1v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001223; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|oay4vbx7dfe8s1v|03|net"; nocase; ) # obstipatie.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001224; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|obstipatie|02|nu"; nocase; ) # odmwooyyfoysnc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001225; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|odmwooyyfoysnc|03|com"; nocase; ) # office-revision.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001226; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|office-revision|03|com"; nocase; ) # official-uploads.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001227; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|official-uploads|03|com"; nocase; ) # oldfirefox.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001228; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|oldfirefox|02|su"; nocase; ) # onlink.epac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001229; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|onlink|04|epac|02|to"; nocase; ) # opjis123.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001230; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|opjis123|04|ddns|03|net"; nocase; ) # osce-oscc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001231; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|osce-oscc|03|org"; nocase; ) # osce-press.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001232; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|osce-press|03|org"; nocase; ) # osgenuine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001233; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|osgenuine|03|com"; nocase; ) # outlookexchange.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001234; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|outlookexchange|03|net"; nocase; ) # outlookscansafe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001235; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|outlookscansafe|03|net"; nocase; ) # oxda13oess.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001236; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|oxda13oess|03|com"; nocase; ) # pallodare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001237; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pallodare|03|com"; nocase; ) # palmeretas.com.ar [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001238; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|palmeretas|03|com|02|ar"; nocase; ) # pasnirthland.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001239; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|pasnirthland|03|com"; nocase; ) # patriotp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001240; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|patriotp|03|com"; nocase; ) # pavlov.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001241; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|pavlov|03|xyz"; nocase; ) # paypolik.esy.es [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001242; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|paypolik|03|esy|02|es"; nocase; ) # pdfviewapp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001243; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pdfviewapp|03|com"; nocase; ) # perutrilhainca.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001244; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|perutrilhainca|03|com"; nocase; ) # pianolessons.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001245; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|pianolessons|02|co|02|vu"; nocase; ) # pingserver.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001246; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pingserver|04|info"; nocase; ) # play-mob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001247; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|play-mob|03|org"; nocase; ) # playboysplus.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001248; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|playboysplus|03|com"; nocase; ) # plushbr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001249; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|plushbr|03|com"; nocase; ) # pndrdbgijushci.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001250; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|pndrdbgijushci|03|com"; nocase; ) # pnoc-ec.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001251; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|pnoc-ec|04|vicp|03|net"; nocase; ) # podvigtitanika.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001252; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|podvigtitanika|03|com"; nocase; ) # pokerseru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001253; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pokerseru|03|com"; nocase; ) # poly-poly.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001254; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|poly-poly|03|net"; nocase; ) # pornflashvideo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001255; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|pornflashvideo|03|com"; nocase; ) # pornodrome.tv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001256; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pornodrome|02|tv"; nocase; ) # pornomos.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001257; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pornomos|02|ru"; nocase; ) # pos-softwareupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001258; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pos-softwareupdate|03|com"; nocase; ) # pqwmotleodoriw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001259; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|pqwmotleodoriw|03|net"; nocase; ) # pratikconsultancy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001260; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|pratikconsultancy|03|com"; nocase; ) # pressmil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001261; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pressmil|03|com"; nocase; ) # prince24.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001262; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|prince24|04|ddns|03|net"; nocase; ) # prismagot.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001263; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|prismagot|02|eu"; nocase; ) # projawor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001264; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|projawor|03|net"; nocase; ) # prosoknf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001265; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|prosoknf|03|com"; nocase; ) # prosto24.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001266; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|prosto24|03|net"; nocase; ) # psiphone3.noip.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001267; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|psiphone3|04|noip|02|me"; nocase; ) # punam.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001268; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|punam|02|in"; nocase; ) # q0yfy052w2ihkjox1nsp5n3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001269; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|q0yfy052w2ihkjox1nsp5n3|04|ddns|03|net"; nocase; ) # qemyxsdigi.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001270; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|qemyxsdigi|04|info"; nocase; ) # qfwd7x38abyje0mrormjyd5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001271; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|qfwd7x38abyje0mrormjyd5|04|ddns|03|net"; nocase; ) # qoog1e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001272; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|qoog1e|03|com"; nocase; ) # quartlet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001273; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|quartlet|03|com"; nocase; ) # quick-net.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001274; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|quick-net|04|info"; nocase; ) # quietbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001275; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|quietbehind|03|net"; nocase; ) # qularivafou.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001276; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|qularivafou|04|ddns|03|net"; nocase; ) # ra1nru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001277; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ra1nru|03|com"; nocase; ) # rapidmemorylink.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001278; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|rapidmemorylink|03|com"; nocase; ) # rearmheadfire.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001279; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|rearmheadfire|03|com"; nocase; ) # rebledughid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001280; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rebledughid|03|com"; nocase; ) # recordbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001281; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|recordbehind|03|net"; nocase; ) # recordbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001282; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|recordbroad|03|net"; nocase; ) # recorddried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001283; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|recorddried|03|net"; nocase; ) # redesparda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001284; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|redesparda|03|com"; nocase; ) # refherssuce.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001285; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|refherssuce|02|ru"; nocase; ) # religion.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001286; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|religion|04|xicp|03|net"; nocase; ) # relom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001287; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|relom|03|org"; nocase; ) # rendercodec.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001288; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rendercodec|04|info"; nocase; ) # reparalia.es [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001289; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|reparalia|02|es"; nocase; ) # residenciasil.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001290; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|residenciasil|03|com"; nocase; ) # resqdocsfirm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001291; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|resqdocsfirm|03|com"; nocase; ) # retrett.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001292; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|retrett|02|co|02|vu"; nocase; ) # rhebrisaf.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001293; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|rhebrisaf|03|xyz"; nocase; ) # ria-ru.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001294; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ria-ru|04|xicp|03|net"; nocase; ) # rinheckguny.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001295; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rinheckguny|02|ru"; nocase; ) # riusdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001296; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|riusdu|03|com"; nocase; ) # rmdszms.ro [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001297; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|rmdszms|02|ro"; nocase; ) # rocklandleasing.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001298; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|rocklandleasing|03|com"; nocase; ) # rosupletwas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001299; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|rosupletwas|03|com"; nocase; ) # rqxba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001300; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|rqxba|03|com"; nocase; ) # rxxiaoao.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001301; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|rxxiaoao|03|com"; nocase; ) # rzal.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001302; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|rzal|02|pl"; nocase; ) # s2simsdor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001303; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|s2simsdor|03|com"; nocase; ) # samsung-update.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001304; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|samsung-update|03|net"; nocase; ) # sandvicaa.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001305; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|sandvicaa|02|pw"; nocase; ) # sarawork.io [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001306; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|sarawork|02|io"; nocase; ) # savepic.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001307; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|savepic|02|su"; nocase; ) # scanmalware.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001308; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|scanmalware|04|info"; nocase; ) # scara123.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001309; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|scara123|03|com"; nocase; ) # scorpyofilms.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001310; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|scorpyofilms|03|com"; nocase; ) # scvhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001311; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|scvhost|03|com"; nocase; ) # sdfochekvovu4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001312; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sdfochekvovu4|02|tk"; nocase; ) # seasonbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001313; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|seasonbehind|03|net"; nocase; ) # security.hpe.tw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001314; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|security|03|hpe|02|tw"; nocase; ) # securityserviceauto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001315; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|securityserviceauto|03|com"; nocase; ) # sentracatering.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001316; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|sentracatering|03|com"; nocase; ) # serfilefnom.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001317; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|serfilefnom|02|ru"; nocase; ) # serveflash.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001318; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|serveflash|04|info"; nocase; ) # sherkatkonandeh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001319; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|sherkatkonandeh|03|com"; nocase; ) # shivue.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001320; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|shivue|03|org"; nocase; ) # shmetterheath.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001321; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|shmetterheath|02|ru"; nocase; ) # signin-verify.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001322; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|signin-verify|03|com"; nocase; ) # skinder-chatcast-topcat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001323; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|skinder-chatcast-topcat|03|net"; nocase; ) # smart-access.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001324; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|smart-access|03|net"; nocase; ) # smoothmovin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001325; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|smoothmovin|03|com"; nocase; ) # smtp.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001326; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|smtp|02|gq"; nocase; ) # soft.epac.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001327; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|soft|04|epac|02|to"; nocase; ) # sony36.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001328; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|sony36|03|com"; nocase; ) # soqda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001329; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|soqda|03|com"; nocase; ) # spacewing1.vicp.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001330; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|spacewing1|04|vicp|02|cc"; nocase; ) # sptc.co.sz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001331; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|sptc|02|co|02|sz"; nocase; ) # squarestripe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001332; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|squarestripe|03|com"; nocase; ) # srv112-237-186-93.vk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001333; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|srv112-237-186-93|02|vk|03|com"; nocase; ) # ssl-vait.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001334; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|ssl-vait|03|com"; nocase; ) # sslmails.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001335; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|sslmails|03|com"; nocase; ) # starpowerss.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001336; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|starpowerss|03|com"; nocase; ) # start-vedioing.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001337; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|start-vedioing|03|net"; nocase; ) # stonehoof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001338; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|stonehoof|03|com"; nocase; ) # su.noip.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001339; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|su|04|noip|02|us"; nocase; ) # super-cpu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001340; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|super-cpu|03|net"; nocase; ) # support-appstore.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001341; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|support-appstore|03|net"; nocase; ) # susdrego.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001342; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|susdrego|03|xyz"; nocase; ) # svars-sta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001343; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|svars-sta|03|com"; nocase; ) # svchost-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001344; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|svchost-online|03|com"; nocase; ) # svpportoffice.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001345; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|svpportoffice|03|com"; nocase; ) # swissprox.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001346; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|swissprox|02|eu"; nocase; ) # swupdt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001347; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|swupdt|03|com"; nocase; ) # sykavovaloh.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001348; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sykavovaloh|02|ml"; nocase; ) # sykavovalohzz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001349; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sykavovalohzz|02|ml"; nocase; ) # sykavovalohzz.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001350; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sykavovalohzz|02|tk"; nocase; ) # tabidzuwek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001351; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|tabidzuwek|03|com"; nocase; ) # tahimoteev.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001352; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|tahimoteev|04|ddns|03|net"; nocase; ) # tajjquartet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001353; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|tajjquartet|03|com"; nocase; ) # taking-technology.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001354; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|taking-technology|03|com"; nocase; ) # talahedtug.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001355; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|talahedtug|02|ru"; nocase; ) # tamgusyam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001356; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tamgusyam|03|com"; nocase; ) # tanhadhidown.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001357; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tanhadhidown|02|ru"; nocase; ) # techasiamusicsvr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001358; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|techasiamusicsvr|03|com"; nocase; ) # techcruncln.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001359; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|techcruncln|03|com"; nocase; ) # techine.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001360; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|techine|04|info"; nocase; ) # technicserv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001361; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|technicserv|03|com"; nocase; ) # teenland.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001362; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|teenland|03|biz"; nocase; ) # teenslutsporn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001363; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|teenslutsporn|03|com"; nocase; ) # teensreal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001364; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|teensreal|03|com"; nocase; ) # teever.mn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001365; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|teever|02|mn"; nocase; ) # telegram-apps.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001366; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|telegram-apps|03|org"; nocase; ) # telesport.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001367; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|telesport|04|mooo|03|com"; nocase; ) # teoslim.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001368; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|teoslim|02|cf"; nocase; ) # tequeryomuch.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001369; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tequeryomuch|05|space"; nocase; ) # thebeautythesis.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001370; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|thebeautythesis|03|com"; nocase; ) # thedancingbutterfly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001371; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|thedancingbutterfly|03|com"; nocase; ) # thevangog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001372; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|thevangog|03|com"; nocase; ) # thoughtmaster.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001373; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|thoughtmaster|03|net"; nocase; ) # timechk1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001374; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk1|03|net"; nocase; ) # timechk10.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001375; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk10|03|net"; nocase; ) # timechk11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001376; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk11|03|net"; nocase; ) # timechk12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001377; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk12|03|com"; nocase; ) # timechk12.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001378; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk12|03|net"; nocase; ) # timechk13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001379; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk13|03|net"; nocase; ) # timechk14.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001380; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk14|03|com"; nocase; ) # timechk16.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001381; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk16|03|net"; nocase; ) # timechk18.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001382; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk18|03|com"; nocase; ) # timechk21.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001383; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk21|03|com"; nocase; ) # timechk23.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001384; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk23|03|net"; nocase; ) # timechk28.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001385; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk28|03|net"; nocase; ) # timechk6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001386; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk6|03|net"; nocase; ) # timechk7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001387; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk7|03|org"; nocase; ) # timechk9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001388; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk9|03|com"; nocase; ) # timechk9.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001389; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk9|03|org"; nocase; ) # tixufaheurvo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001390; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tixufaheurvo|04|ddns|03|net"; nocase; ) # tonecarighthe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001391; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tonecarighthe|02|ru"; nocase; ) # tontuldverbab.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001392; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tontuldverbab|02|ru"; nocase; ) # topcomfort.com.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001393; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|topcomfort|03|com|02|ua"; nocase; ) # tor-projects.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001394; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tor-projects|03|org"; nocase; ) # tornishineynarkkek2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001395; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|tornishineynarkkek2|03|org"; nocase; ) # tqadnvxgppn1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001396; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tqadnvxgppn1|03|com"; nocase; ) # trader562.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001397; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|trader562|03|com"; nocase; ) # transkf.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001398; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|transkf|02|tk"; nocase; ) # tropiccritics.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001399; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tropiccritics|03|com"; nocase; ) # trysuvovki.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001400; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|trysuvovki|02|ga"; nocase; ) # trysuvovki.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001401; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|trysuvovki|02|ml"; nocase; ) # trysuvovki.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001402; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|trysuvovki|02|tk"; nocase; ) # tsvswququsamqaqq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001403; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|tsvswququsamqaqq|03|net"; nocase; ) # tw252.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001404; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|tw252|04|gicp|03|net"; nocase; ) # udebliena.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001405; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|udebliena|04|ddns|03|net"; nocase; ) # uityiuetyruieytreuiyt.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001406; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|uityiuetyruieytreuiyt|02|co|02|vu"; nocase; ) # uizizthesocialmediaguide.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001407; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|uizizthesocialmediaguide|03|net"; nocase; ) # ukwoubapgi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001408; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ukwoubapgi|04|ddns|03|net"; nocase; ) # uldhowhedtca.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001409; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|uldhowhedtca|02|ru"; nocase; ) # unionnewsreport.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001410; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|unionnewsreport|03|net"; nocase; ) # upay360.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001411; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|upay360|02|cn"; nocase; ) # uppcl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001412; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|uppcl|03|org"; nocase; ) # use.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001413; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|use|04|mooo|03|com"; nocase; ) # ustradecomp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001414; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|ustradecomp|03|com"; nocase; ) # uygur.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001415; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|uygur|04|eicp|03|net"; nocase; ) # vabuibofqouxog.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001416; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vabuibofqouxog|04|ddns|03|net"; nocase; ) # vdrygvovanemydak55.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001417; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak55|02|ml"; nocase; ) # vdrygvovanemydak77.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001418; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak77|02|ga"; nocase; ) # vdrygvovanemydak77.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001419; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vdrygvovanemydak77|02|ml"; nocase; ) # vebiabipkilo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001420; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|vebiabipkilo|04|ddns|03|net"; nocase; ) # veetdohi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001421; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|veetdohi|02|ru"; nocase; ) # venitial.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001422; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|venitial|03|org"; nocase; ) # veret-sapan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001423; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|veret-sapan|03|com"; nocase; ) # verifiedcamslive.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001424; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|verifiedcamslive|03|com"; nocase; ) # vesm-arast.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001425; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|vesm-arast|03|com"; nocase; ) # videosfero.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001426; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|videosfero|02|ru"; nocase; ) # videosk.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001427; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|videosk|04|info"; nocase; ) # videoskype.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001428; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|videoskype|02|ru"; nocase; ) # videoupdates.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001429; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|videoupdates|03|org"; nocase; ) # vidxx.mobi [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001430; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|vidxx|04|mobi"; nocase; ) # villhassgom.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001431; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|villhassgom|03|xyz"; nocase; ) # viplenta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001432; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|viplenta|03|com"; nocase; ) # viprainru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001433; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|viprainru|03|com"; nocase; ) # viprambler.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001434; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|viprambler|03|com"; nocase; ) # vircheck.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001435; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|vircheck|03|com"; nocase; ) # vomsg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001436; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|vomsg|03|com"; nocase; ) # vovapizdadolboeb.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001437; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovapizdadolboeb|02|cf"; nocase; ) # vovapro100gandon.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001438; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovapro100gandon|02|ml"; nocase; ) # vovegarfdghhtom.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001439; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|vovegarfdghhtom|02|ga"; nocase; ) # vovegarfdghhtom.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001440; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|vovegarfdghhtom|02|ml"; nocase; ) # vovegaryackoletom.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001441; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vovegaryackoletom|02|ga"; nocase; ) # vovegaryackoletom.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001442; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vovegaryackoletom|02|tk"; nocase; ) # voveholodnozimoi.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001443; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|voveholodnozimoi|02|tk"; nocase; ) # vovenehuevotak.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001444; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|cf"; nocase; ) # vovewegdfnozimoi.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001445; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovewegdfnozimoi|02|tk"; nocase; ) # vsdylqjfrdqaxzyd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001446; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vsdylqjfrdqaxzyd|03|com"; nocase; ) # vucjunrhckgaiyae.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001447; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vucjunrhckgaiyae|03|com"; nocase; ) # w6ujkjax343r1t3lq4o.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001448; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|w6ujkjax343r1t3lq4o|04|ddns|03|net"; nocase; ) # walkingdead32.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001449; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|walkingdead32|02|ru"; nocase; ) # walterclean.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001450; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|walterclean|03|com"; nocase; ) # wastolddinghes.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001451; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|wastolddinghes|02|ru"; nocase; ) # we11point.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001452; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|we11point|03|com"; nocase; ) # weekend-service.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001453; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|weekend-service|03|com"; nocase; ) # wellpoint.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001454; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|wellpoint|03|net"; nocase; ) # wellsfargoemail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001455; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|wellsfargoemail|03|com"; nocase; ) # wereldpas-2016.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001456; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|wereldpas-2016|02|nl"; nocase; ) # wessexwarriors.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001457; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|wessexwarriors|02|co|02|uk"; nocase; ) # wfe23x16e4khat5vgxo0s8s.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001458; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|wfe23x16e4khat5vgxo0s8s|04|ddns|03|net"; nocase; ) # whoknowsshitheadforyoutoudrunkfuckyou.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001459; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|25|whoknowsshitheadforyoutoudrunkfuckyou|02|co|02|vu"; nocase; ) # whotwi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001460; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|whotwi|03|com"; nocase; ) # windowscentralupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001461; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|windowscentralupdate|03|com"; nocase; ) # wink.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001462; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|wink|02|ws"; nocase; ) # wins-driver-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001463; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|wins-driver-check|03|com"; nocase; ) # wins-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001464; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|wins-update|03|com"; nocase; ) # wlytono6mjedgl1ro41pcj7.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001465; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|wlytono6mjedgl1ro41pcj7|04|ddns|03|net"; nocase; ) # wm.ggpw.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001466; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|wm|04|ggpw|02|pw"; nocase; ) # womanpresident.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001467; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|womanpresident|03|net"; nocase; ) # wondertechmy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001468; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|wondertechmy|03|com"; nocase; ) # wtoykfedxrmujcvsalhqipz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001469; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|wtoykfedxrmujcvsalhqipz|03|net"; nocase; ) # wunslewi.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001470; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|wunslewi|03|xyz"; nocase; ) # wuzu520.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001471; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|wuzu520|03|com"; nocase; ) # www.dicoz.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001472; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|05|dicoz|02|fr"; nocase; ) # www.yunw.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001473; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|yunw|03|top"; nocase; ) # wwwsexvidio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001474; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|wwwsexvidio|03|com"; nocase; ) # wx.iosyy.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001475; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|wx|05|iosyy|02|me"; nocase; ) # xa.yimg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001476; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|xa|04|yimg|03|com"; nocase; ) # xha-mster.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001477; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xha-mster|03|com"; nocase; ) # xmailliwx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001478; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xmailliwx|03|com"; nocase; ) # xmoqu38hasdf0opw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001479; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|xmoqu38hasdf0opw|03|com"; nocase; ) # xnanomailing.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001480; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|xnanomailing|03|com"; nocase; ) # xxxmobiletubez.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001481; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|xxxmobiletubez|03|com"; nocase; ) # xyyk01.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001482; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|xyyk01|04|gicp|03|net"; nocase; ) # y3aaa48a7056d7075c3760cdbd90a75b8f.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001483; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|y3aaa48a7056d7075c3760cdbd90a75b8f|02|cc"; nocase; ) # ya.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001484; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|ya|02|ru"; nocase; ) # yah00mail.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001485; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|yah00mail|04|gicp|03|net"; nocase; ) # yahooair.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001486; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|yahooair|03|com"; nocase; ) # ydoapqgxeqmvsugz.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001487; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|ydoapqgxeqmvsugz|05|onion"; nocase; ) # yesitisqqq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001488; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|yesitisqqq|03|com"; nocase; ) # yoksfffhvizk8z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001489; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|yoksfffhvizk8z|03|com"; nocase; ) # ys168.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001490; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ys168|03|com"; nocase; ) # ytq0olsbahc8ujwhuhs6m0a.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001491; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|ytq0olsbahc8ujwhuhs6m0a|04|ddns|03|net"; nocase; ) # yyfaimjmocdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001492; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|yyfaimjmocdu|03|com"; nocase; ) # zabeir5374hnotvova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001493; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|zabeir5374hnotvova|02|ga"; nocase; ) # zabeir5374hnotvova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001494; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|zabeir5374hnotvova|02|gq"; nocase; ) # zabeirotvova.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001495; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zabeirotvova|02|gq"; nocase; ) # zabeirotvova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001496; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zabeirotvova|02|ml"; nocase; ) # zaniatpizdets.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001497; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zaniatpizdets|03|com"; nocase; ) # zdravstvuyfm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001498; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zdravstvuyfm|03|com"; nocase; ) # zemo-numeros.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001499; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zemo-numeros|03|com"; nocase; ) # zgmtsale.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001500; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zgmtsale|03|com"; nocase; ) # zoo-porn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001501; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zoo-porn|03|net"; nocase; ) # zoramtax.inc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001502; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zoramtax|03|inc|02|in"; nocase; ) # zvovapeterda1.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001503; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zvovapeterda1|02|ga"; nocase; ) # 0906.toh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001504; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|0906|03|toh|04|info"; nocase; ) # 0n4tblbdfncaauxioxto.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001505; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|0n4tblbdfncaauxioxto|04|ddns|03|net"; nocase; ) # 29a.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001506; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|29a|02|de"; nocase; ) # 2kjb9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001507; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|2kjb9|03|net"; nocase; ) # 34324325kgkgfkgf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001508; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|34324325kgkgfkgf|03|com"; nocase; ) # 42kjb11.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001509; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|42kjb11|03|net"; nocase; ) # 557869.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001510; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|557869|03|com"; nocase; ) # 567mt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001511; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|567mt|03|com"; nocase; ) # 59njm3tgtwggfu3.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001512; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|59njm3tgtwggfu3|03|com"; nocase; ) # 63ghdye17.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001513; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|63ghdye17|03|com"; nocase; ) # 66ygg.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001514; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|66ygg|02|gq"; nocase; ) # 69gang.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001515; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|69gang|03|com"; nocase; ) # 7hwr34n18.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001516; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|7hwr34n18|03|com"; nocase; ) # a1c5.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001517; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|a1c5|02|tk"; nocase; ) # a4yhexpmth2ldj3v.onion [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001518; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|a4yhexpmth2ldj3v|05|onion"; nocase; ) # aaa.swhk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001519; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|aaa|04|swhk|03|net"; nocase; ) # aabazrewdatupogre.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001520; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabazrewdatupogre|02|gq"; nocase; ) # aabazrewdatupogre.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001521; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|aabazrewdatupogre|02|ml"; nocase; ) # accountid-apple.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001522; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|accountid-apple|03|com"; nocase; ) # acount-help.co.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001523; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|acount-help|02|co|03|com"; nocase; ) # acvariimarine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001524; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|acvariimarine|03|com"; nocase; ) # adhotspot.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001525; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|adhotspot|03|biz"; nocase; ) # adode-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001526; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|adode-update|03|com"; nocase; ) # adservicestats.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001527; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|adservicestats|03|com"; nocase; ) # affiliand.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001528; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|affiliand|03|com"; nocase; ) # afive.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001529; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|afive|03|net"; nocase; ) # againstangry.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001530; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|againstangry|03|net"; nocase; ) # agaliarept.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001531; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|agaliarept|03|com"; nocase; ) # agdedopribili.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001532; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|agdedopribili|03|com"; nocase; ) # agentclientclient.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001533; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|agentclientclient|02|me"; nocase; ) # ahnielinkury.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001534; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ahnielinkury|03|net"; nocase; ) # ahyushkavovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001535; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ahyushkavovu|02|ml"; nocase; ) # akam.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001536; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|akam|03|net"; nocase; ) # aktogavnovova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001537; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|aktogavnovova|02|ml"; nocase; ) # al-rddadi.com.sa [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001538; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|al-rddadi|03|com|02|sa"; nocase; ) # alamoadgroup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001539; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|alamoadgroup|03|com"; nocase; ) # alien12socket.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001540; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|alien12socket|04|ddns|03|net"; nocase; ) # alienspy2.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001541; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|alienspy2|04|ddns|03|net"; nocase; ) # aliserv2013.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001542; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|aliserv2013|02|ru"; nocase; ) # allinanma.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001543; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|allinanma|03|xyz"; nocase; ) # allowclientaxpalagent.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001544; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|allowclientaxpalagent|02|me"; nocase; ) # alongroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001545; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|alongroad|03|net"; nocase; ) # andrlova-manager.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001546; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|andrlova-manager|03|com"; nocase; ) # andromike.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001547; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|andromike|03|com"; nocase; ) # andropaul.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001548; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|andropaul|03|com"; nocase; ) # anptlnadkpkhmc3.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001549; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|anptlnadkpkhmc3|03|net"; nocase; ) # antivirus-up.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001550; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|antivirus-up|03|com"; nocase; ) # anylowso.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001551; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|anylowso|03|xyz"; nocase; ) # anywhere-staring.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001552; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|anywhere-staring|03|com"; nocase; ) # aogf.co.ke [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001553; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|aogf|02|co|02|ke"; nocase; ) # apipiskavovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001554; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|apipiskavovu|02|gq"; nocase; ) # apipiskavovujgf.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001555; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|apipiskavovujgf|02|ga"; nocase; ) # apipiskavovujgf.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001556; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|apipiskavovujgf|02|ml"; nocase; ) # appeal.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001557; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|appeal|02|ml"; nocase; ) # applefinder.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001558; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|applefinder|02|eu"; nocase; ) # appleupdate.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001559; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|appleupdate|03|biz"; nocase; ) # apps-guard.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001560; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|apps-guard|03|com"; nocase; ) # arcticllp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001561; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|arcticllp|03|com"; nocase; ) # asop83uyteramxop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001562; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|asop83uyteramxop|03|com"; nocase; ) # asozcmwuukrgydmzb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001563; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|asozcmwuukrgydmzb|03|com"; nocase; ) # assso.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001564; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|assso|03|net"; nocase; ) # astro-travels.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001565; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|astro-travels|03|net"; nocase; ) # atomictrivia.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001566; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|atomictrivia|02|ru"; nocase; ) # ausameetings.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001567; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|ausameetings|03|com"; nocase; ) # auvovumalenkiu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001568; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|auvovumalenkiu|02|gq"; nocase; ) # auvovumalenkiu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001569; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|auvovumalenkiu|02|tk"; nocase; ) # auvovumalenkiu678.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001570; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|auvovumalenkiu678|02|ga"; nocase; ) # auvovumalenkiu678.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001571; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|auvovumalenkiu678|02|gq"; nocase; ) # avdrygvovanemydak.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001572; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|cf"; nocase; ) # avdrygvovanemydak.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001573; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|ga"; nocase; ) # avdrygvovanemydak.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001574; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|gq"; nocase; ) # avdrygvovanemydak.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001575; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|ml"; nocase; ) # avdrygvovanemydak.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001576; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|avdrygvovanemydak|02|tk"; nocase; ) # avdrygvovanemydak1.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001577; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|avdrygvovanemydak1|02|gq"; nocase; ) # avdrygvovanemydakaa.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001578; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|avdrygvovanemydakaa|02|tk"; nocase; ) # avdrygvovanemydakaa5.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001579; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|avdrygvovanemydakaa5|02|ml"; nocase; ) # avdrygvovanemydakzz3.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001580; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|avdrygvovanemydakzz3|02|cf"; nocase; ) # avdrygvovanemyz.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001581; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|avdrygvovanemyz|02|tk"; nocase; ) # avovagomosek.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001582; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovagomosek|02|cf"; nocase; ) # avovagomosek2.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001583; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|ga"; nocase; ) # avovagomosek2.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001584; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|gq"; nocase; ) # avovagomosek2.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001585; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|avovagomosek2|02|ml"; nocase; ) # avovakusokgavna.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001586; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|avovakusokgavna|02|gq"; nocase; ) # avovapeterda.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001587; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|avovapeterda|02|ml"; nocase; ) # avovapeterda77.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001588; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|avovapeterda77|02|cf"; nocase; ) # azvdrygvovanemyz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001589; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|azvdrygvovanemyz|02|ml"; nocase; ) # azvdrygvovanemyz81.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001590; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|azvdrygvovanemyz81|02|cf"; nocase; ) # baazsawetukovcsa.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001591; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|baazsawetukovcsa|02|ga"; nocase; ) # babkokohtybvcfreso.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001592; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|babkokohtybvcfreso|02|ga"; nocase; ) # bacuhytgbnvedhhko.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001593; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|bacuhytgbnvedhhko|02|ga"; nocase; ) # baepudavemanuel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001594; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|baepudavemanuel|03|net"; nocase; ) # baltichost.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001595; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|baltichost|03|org"; nocase; ) # banglasexyvideo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001596; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|banglasexyvideo|03|com"; nocase; ) # bankruptcompanynews.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001597; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|bankruptcompanynews|03|com"; nocase; ) # bannerzone.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001598; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|bannerzone|02|in"; nocase; ) # baomoi.coyo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001599; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|baomoi|04|coyo|02|eu"; nocase; ) # baugkoosdui.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001600; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|baugkoosdui|04|ddns|03|net"; nocase; ) # bb-apps-world.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001601; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|bb-apps-world|03|com"; nocase; ) # beatrinko.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001602; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|beatrinko|03|org"; nocase; ) # beinsportslivetv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001603; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|beinsportslivetv|03|com"; nocase; ) # beirut-memorial.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001604; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|beirut-memorial|03|org"; nocase; ) # best-drum-set.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001605; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|best-drum-set|03|com"; nocase; ) # bestcomputeradvisor.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001606; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|bestcomputeradvisor|03|com"; nocase; ) # bestcomputeradvisro.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001607; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|bestcomputeradvisro|04|info"; nocase; ) # biketools.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001608; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|biketools|02|ru"; nocase; ) # bitblogoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001609; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|bitblogoo|03|com"; nocase; ) # blackberry-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001610; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|blackberry-update|03|com"; nocase; ) # bloggarotosdegyn.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001611; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|bloggarotosdegyn|03|com|02|br"; nocase; ) # blogging-host.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001612; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|blogging-host|04|info"; nocase; ) # blogsute.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001613; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|blogsute|03|com"; nocase; ) # blyavovarealn44ogavno.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001614; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|blyavovarealn44ogavno|02|ga"; nocase; ) # blyavovarealn44ogavno.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001615; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|blyavovarealn44ogavno|02|ml"; nocase; ) # blyavovarealnogavno.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001616; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|blyavovarealnogavno|02|tk"; nocase; ) # bntnl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001617; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|bntnl|03|com"; nocase; ) # boch256on1okvovu.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001618; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|ga"; nocase; ) # boch256on1okvovu.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001619; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|ml"; nocase; ) # boch256on1okvovu.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001620; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|boch256on1okvovu|02|tk"; nocase; ) # bochonokvovu.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001621; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|bochonokvovu|02|gq"; nocase; ) # bodihemouxk.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001622; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|bodihemouxk|04|ddns|03|net"; nocase; ) # bogenyvovailoh.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001623; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bogenyvovailoh|02|gq"; nocase; ) # bogevovaneudachnik.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001624; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|bogevovaneudachnik|02|cf"; nocase; ) # bogevovaneudachnik.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001625; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|bogevovaneudachnik|02|tk"; nocase; ) # boxandpad.com.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001626; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|boxandpad|03|com|02|cn"; nocase; ) # breadbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001627; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|breadbroad|03|net"; nocase; ) # breadunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001628; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|breadunderstand|03|net"; nocase; ) # brokenpiano.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001629; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|brokenpiano|02|ru"; nocase; ) # businessdirectnessource.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001630; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|businessdirectnessource|03|com"; nocase; ) # businessedgeadvance.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001631; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|businessedgeadvance|03|com"; nocase; ) # buzzercom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001632; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|buzzercom|03|com"; nocase; ) # bvovapeterdass.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001633; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bvovapeterdass|02|cf"; nocase; ) # bvovapeterdass.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001634; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|bvovapeterdass|02|ml"; nocase; ) # bzfdcp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001635; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|bzfdcp|03|com"; nocase; ) # c1b1jfi2pdi8w1f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001636; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|c1b1jfi2pdi8w1f|03|net"; nocase; ) # c1jczbhcpdi8w1f.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001637; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|c1jczbhcpdi8w1f|03|biz"; nocase; ) # c9cca04cec2588918820cf33ba4337cca8.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001638; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|c9cca04cec2588918820cf33ba4337cca8|02|hk"; nocase; ) # cakedhisjohn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001639; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cakedhisjohn|03|com"; nocase; ) # cappadeterojo.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001640; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|cappadeterojo|02|eu"; nocase; ) # captainfifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001641; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|captainfifteen|03|net"; nocase; ) # cawasuse.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001642; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|cawasuse|02|ru"; nocase; ) # cawnqrvbmfgfysdb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001643; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|cawnqrvbmfgfysdb|03|com"; nocase; ) # centerssweet.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001644; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|centerssweet|02|cf"; nocase; ) # charging-technology.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001645; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|charging-technology|03|com"; nocase; ) # charmedno1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001646; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|charmedno1|03|com"; nocase; ) # chartered.co.th [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001647; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|chartered|02|co|02|th"; nocase; ) # chchengine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001648; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|chchengine|03|com"; nocase; ) # chebroom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001649; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|chebroom|03|com"; nocase; ) # chiproses.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001650; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|chiproses|03|net"; nocase; ) # chromeupdt.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001651; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|chromeupdt|02|tk"; nocase; ) # clients4-google.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001652; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|clients4-google|03|com"; nocase; ) # combilling.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001653; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|combilling|03|com"; nocase; ) # come-apple.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001654; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|come-apple|03|com"; nocase; ) # comixed.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001655; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|comixed|03|org"; nocase; ) # compagniealysia.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001656; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|compagniealysia|02|fr"; nocase; ) # confnet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001657; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|confnet|03|net"; nocase; ) # conforama.csod.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001658; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|conforama|04|csod|03|com"; nocase; ) # connectads.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001659; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|connectads|03|com"; nocase; ) # conntsopan.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001660; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|conntsopan|03|xyz"; nocase; ) # containy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001661; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|containy|03|com"; nocase; ) # continental-transit-mail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001662; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|18|continental-transit-mail|03|com"; nocase; ) # coolnclassy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001663; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|coolnclassy|03|com"; nocase; ) # coosiean.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001664; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|coosiean|03|xyz"; nocase; ) # correos-portal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001665; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|correos-portal|03|com"; nocase; ) # correos-portal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001666; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|correos-portal|03|net"; nocase; ) # crashinfo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001667; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|crashinfo|04|info"; nocase; ) # crenshaw-manager.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001668; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|crenshaw-manager|03|com"; nocase; ) # criollomedia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001669; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|criollomedia|03|com"; nocase; ) # csicohelp.ddns.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001670; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|csicohelp|04|ddns|02|us"; nocase; ) # cubbyusercontent.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001671; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|cubbyusercontent|03|com"; nocase; ) # cuencaluantricspace.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001672; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|cuencaluantricspace|03|com"; nocase; ) # cultureacess.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001673; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cultureacess|03|com"; nocase; ) # cvaglobal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001674; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|cvaglobal|03|com"; nocase; ) # cvovapeterda.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001675; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cvovapeterda|02|ga"; nocase; ) # cvovapeterda.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001676; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|cvovapeterda|02|gq"; nocase; ) # cvovapeterdaga.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001677; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|cvovapeterdaga|02|ga"; nocase; ) # daaserthupo.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001678; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daaserthupo|02|ga"; nocase; ) # daaserthupo.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001679; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daaserthupo|02|gq"; nocase; ) # dabuhutregl.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001680; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dabuhutregl|02|cf"; nocase; ) # dabuhutregl.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001681; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dabuhutregl|02|gq"; nocase; ) # daceduyokon.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001682; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daceduyokon|02|tk"; nocase; ) # dailynewsupdater.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001683; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dailynewsupdater|03|com"; nocase; ) # daladryport.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001684; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|daladryport|03|com"; nocase; ) # damavandkuh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001685; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|damavandkuh|03|com"; nocase; ) # damuk1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001686; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|damuk1|04|ddns|03|net"; nocase; ) # debka.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001687; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|debka|02|ga"; nocase; ) # decidefifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001688; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|decidefifteen|03|net"; nocase; ) # deepskype.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001689; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|deepskype|03|net"; nocase; ) # defendersecurityauto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001690; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|defendersecurityauto|03|com"; nocase; ) # deivekmiuwoxe.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001691; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|deivekmiuwoxe|04|ddns|03|net"; nocase; ) # derjihuy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001692; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|derjihuy|03|com"; nocase; ) # deruserbikl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001693; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|deruserbikl|03|com"; nocase; ) # deyrep24.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001694; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|deyrep24|04|ddns|03|net"; nocase; ) # dfj3d8w3n27.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001695; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dfj3d8w3n27|03|com"; nocase; ) # dfwsd.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001696; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|dfwsd|02|co|02|vu"; nocase; ) # dinghareun.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001697; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|dinghareun|02|ru"; nocase; ) # disaaxpalallow.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001698; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|disaaxpalallow|02|me"; nocase; ) # diskoco.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001699; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|diskoco|03|com"; nocase; ) # divenewsletter.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001700; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|divenewsletter|03|com"; nocase; ) # diyalready.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001701; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|diyalready|03|com"; nocase; ) # dkilograzmvovuf3.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001702; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dkilograzmvovuf3|02|gq"; nocase; ) # dll-host-check.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001703; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dll-host-check|03|com"; nocase; ) # dmforever.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001704; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dmforever|03|biz"; nocase; ) # doctorbetween.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001705; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|doctorbetween|03|net"; nocase; ) # doctrashformater.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001706; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|doctrashformater|03|com"; nocase; ) # document-organizer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001707; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|document-organizer|03|com"; nocase; ) # document-qiew-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001708; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|document-qiew-online|03|com"; nocase; ) # documentfacilitysec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001709; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|documentfacilitysec|03|com"; nocase; ) # documents-live.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001710; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|documents-live|03|com"; nocase; ) # doqument-view-online.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001711; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|doqument-view-online|03|com"; nocase; ) # dortwindfayer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001712; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|dortwindfayer|03|com"; nocase; ) # dotnetadvisor.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001713; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|dotnetadvisor|04|info"; nocase; ) # dotntexplorere.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001714; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|dotntexplorere|04|info"; nocase; ) # doubtarticle.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001715; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|doubtarticle|03|net"; nocase; ) # doubtdried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001716; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|doubtdried|03|net"; nocase; ) # doubtfifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001717; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|doubtfifteen|03|net"; nocase; ) # dovimos.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001718; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dovimos|03|org"; nocase; ) # drag2008.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001719; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|drag2008|03|com"; nocase; ) # dreplicag.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001720; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|dreplicag|02|ru"; nocase; ) # dribt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001721; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|dribt|03|com"; nocase; ) # drivercenterupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001722; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|drivercenterupdate|03|com"; nocase; ) # drives-google.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001723; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drives-google|02|co"; nocase; ) # drjizz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001724; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|drjizz|03|com"; nocase; ) # drygvovanemyda4.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001725; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|drygvovanemyda4|02|ml"; nocase; ) # drygvovanemyda4.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001726; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|drygvovanemyda4|02|tk"; nocase; ) # drygvovanemzz.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001727; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemzz|02|gq"; nocase; ) # drygvovanemzz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001728; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|drygvovanemzz|02|ml"; nocase; ) # dsffdsk323721372131.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001729; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|dsffdsk323721372131|03|com"; nocase; ) # dt1blog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001730; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|dt1blog|03|com"; nocase; ) # dtjqugz5wkc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001731; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|dtjqugz5wkc|03|com"; nocase; ) # dtnvleoidsncuz7i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001732; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|dtnvleoidsncuz7i|03|com"; nocase; ) # dynarunner.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001733; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|dynarunner|04|info"; nocase; ) # e3d68349d47efa0d5a9a92b1239bc4d48c.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001734; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|e3d68349d47efa0d5a9a92b1239bc4d48c|02|tk"; nocase; ) # easyadvertonline.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001735; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|easyadvertonline|03|com"; nocase; ) # edal.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001736; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|edal|02|cc"; nocase; ) # electricunderstand.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001737; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|electricunderstand|03|net"; nocase; ) # electronicfrontierfoundation.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001738; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1c|electronicfrontierfoundation|03|org"; nocase; ) # elorfans5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001739; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|elorfans5|03|com"; nocase; ) # emailotest.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001740; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|emailotest|02|co|02|vu"; nocase; ) # empireb1ue.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001741; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|empireb1ue|03|com"; nocase; ) # empresasdevigilancia.com.ve [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001742; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|empresasdevigilancia|03|com|02|ve"; nocase; ) # enduro.si [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001743; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|enduro|02|si"; nocase; ) # enhancerburnable.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001744; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|enhancerburnable|02|ru"; nocase; ) # eonlineworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001745; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|eonlineworld|03|net"; nocase; ) # eroomspeakblindly.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001746; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|eroomspeakblindly|02|ru"; nocase; ) # erreala.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001747; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|erreala|03|com"; nocase; ) # esatelcode.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001748; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|esatelcode|03|com"; nocase; ) # f520.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001749; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|f520|03|net"; nocase; ) # fa23.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001750; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|fa23|02|ru"; nocase; ) # facetoo.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001751; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|facetoo|02|co|02|vu"; nocase; ) # faetsandrep.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001752; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|faetsandrep|02|ru"; nocase; ) # fallattret.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001753; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fallattret|02|co|02|vu"; nocase; ) # fast-update.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001754; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|fast-update|03|net"; nocase; ) # faverfed.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001755; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|faverfed|03|xyz"; nocase; ) # fdfdfdggghgh.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001756; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|fdfdfdggghgh|02|co|02|vu"; nocase; ) # fedpress.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001757; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|fedpress|03|net"; nocase; ) # fenesihert.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001758; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fenesihert|02|ru"; nocase; ) # fersob.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001759; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|fersob|03|org"; nocase; ) # fishecthinker.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001760; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|fishecthinker|04|ddns|03|net"; nocase; ) # fliteilex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001761; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|fliteilex|03|com"; nocase; ) # fmfgrzebel.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001762; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fmfgrzebel|02|pl"; nocase; ) # following-technology.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001763; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|following-technology|03|com"; nocase; ) # forcaltonttof.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001764; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|forcaltonttof|03|com"; nocase; ) # formaterdocstras.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001765; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|formaterdocstras|03|com"; nocase; ) # formatmcl.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001766; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|formatmcl|04|gicp|03|net"; nocase; ) # fraser-ais.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001767; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|fraser-ais|03|com"; nocase; ) # free3dprint.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001768; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|free3dprint|02|cf"; nocase; ) # freeworldgo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001769; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|freeworldgo|03|com"; nocase; ) # frijd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001770; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|frijd|03|com"; nocase; ) # frimeset.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001771; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|frimeset|03|com"; nocase; ) # frontlinegulf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001772; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|frontlinegulf|03|com"; nocase; ) # fuckingyoursister.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001773; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|fuckingyoursister|02|ru"; nocase; ) # fulo-centums.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001774; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|fulo-centums|03|com"; nocase; ) # functional-business.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001775; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|functional-business|03|com"; nocase; ) # g1osp1odin1ytui1dayn1vova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001776; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|g1osp1odin1ytui1dayn1vova|02|cf"; nocase; ) # g1osp1odin1ytui1dayn1vova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001777; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|g1osp1odin1ytui1dayn1vova|02|tk"; nocase; ) # gamesgirlscoat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001778; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|gamesgirlscoat|03|com"; nocase; ) # gatherbehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001779; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gatherbehind|03|net"; nocase; ) # gaurav.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001780; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gaurav|04|mooo|03|com"; nocase; ) # gavnsxuwkavova3.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001781; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gavnsxuwkavova3|02|ml"; nocase; ) # gavnuwkavova.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001782; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|cf"; nocase; ) # gavnuwkavova.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001783; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|ml"; nocase; ) # gavnuwkavova.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001784; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gavnuwkavova|02|tk"; nocase; ) # gcrnbgjlsgchu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001785; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|gcrnbgjlsgchu|03|com"; nocase; ) # geocities.efnet.at [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001786; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|geocities|05|efnet|02|at"; nocase; ) # gfsdgfgsdfgsdagasdgsad.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001787; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|gfsdgfgsdfgsdagasdgsad|02|co|02|vu"; nocase; ) # ghalibaft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001788; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ghalibaft|03|com"; nocase; ) # ghostwriter-24.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001789; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ghostwriter-24|02|de"; nocase; ) # ginfovalidationrequest.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001790; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|16|ginfovalidationrequest|03|com"; nocase; ) # gladolimo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001791; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|gladolimo|03|com"; nocase; ) # globaluniversitiesplacement.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001792; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1b|globaluniversitiesplacement|03|com"; nocase; ) # globemaster.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001793; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|globemaster|04|info"; nocase; ) # glonass-map.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001794; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|glonass-map|03|com"; nocase; ) # goodwebmail.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001795; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|goodwebmail|02|tk"; nocase; ) # google-ap1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001796; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|google-ap1|03|com"; nocase; ) # googleadvrt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001797; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|googleadvrt|03|com"; nocase; ) # googleapiserver.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001798; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|googleapiserver|03|net"; nocase; ) # googledoc.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001799; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|googledoc|02|in"; nocase; ) # googledomain.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001800; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|googledomain|04|otzo|03|com"; nocase; ) # googlemm.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001801; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|googlemm|04|vicp|03|net"; nocase; ) # googleoffice.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001802; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|googleoffice|02|in"; nocase; ) # gooleg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001803; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|gooleg|03|com"; nocase; ) # gorotza.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001804; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|gorotza|03|biz"; nocase; ) # gotthendiran.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001805; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|gotthendiran|03|com"; nocase; ) # gov.uae.kim [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001806; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|gov|03|uae|03|kim"; nocase; ) # grandemab.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001807; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|grandemab|03|org"; nocase; ) # grom90.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001808; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|grom90|04|ddns|03|net"; nocase; ) # grouptumbler.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001809; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|grouptumbler|03|com"; nocase; ) # gshsol4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001810; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|gshsol4|03|com"; nocase; ) # gsx-idmsa-apple.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001811; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|gsx-idmsa-apple|03|top"; nocase; ) # gtyu.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001812; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|gtyu|02|co|02|vu"; nocase; ) # hahahahaa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001813; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hahahahaa|03|com"; nocase; ) # hamman.io [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001814; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|hamman|02|io"; nocase; ) # harropthenthe.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001815; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|harropthenthe|02|ru"; nocase; ) # haufidasu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001816; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|haufidasu|04|ddns|03|net"; nocase; ) # headshot.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001817; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|headshot|03|com"; nocase; ) # heckwassleftran.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001818; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|heckwassleftran|02|ru"; nocase; ) # hello-today.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001819; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hello-today|03|com"; nocase; ) # helpdesk7r.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001820; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|helpdesk7r|02|ru"; nocase; ) # hentaiha.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001821; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|hentaiha|02|ru"; nocase; ) # herssofhaprigh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001822; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|herssofhaprigh|02|ru"; nocase; ) # hibromineltdpromefugeline.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001823; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|19|hibromineltdpromefugeline|03|com"; nocase; ) # hirobakan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001824; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|hirobakan|03|com"; nocase; ) # holopvovochka.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001825; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|holopvovochka|02|ga"; nocase; ) # holopvovochka.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001826; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|holopvovochka|02|gq"; nocase; ) # homedecks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001827; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|homedecks|03|com"; nocase; ) # honarkhabar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001828; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|honarkhabar|03|com"; nocase; ) # honarkhaneh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001829; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|honarkhaneh|03|net"; nocase; ) # hornet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001830; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|hornet|03|com"; nocase; ) # horningflux.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001831; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|horningflux|02|eu"; nocase; ) # hostshield.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001832; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|hostshield|03|net"; nocase; ) # hotinfonews.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001833; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hotinfonews|03|com"; nocase; ) # houstonpuryear.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001834; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|houstonpuryear|03|com"; nocase; ) # hydrabad-ur.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001835; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|hydrabad-ur|04|ddns|03|net"; nocase; ) # hymen-defloration.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001836; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|hymen-defloration|03|com"; nocase; ) # i6shm0u0o2yhopu8ip1d5f3.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001837; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|i6shm0u0o2yhopu8ip1d5f3|04|ddns|03|net"; nocase; ) # icbcqsz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001838; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|icbcqsz|03|com"; nocase; ) # idedroatyxoaxi.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001839; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|idedroatyxoaxi|02|ru"; nocase; ) # idsp.org.pk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001840; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|idsp|03|org|02|pk"; nocase; ) # ihifg8u6etwpc0ktorc.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001841; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|ihifg8u6etwpc0ktorc|04|ddns|03|net"; nocase; ) # illuminatework.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001842; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|illuminatework|02|ru"; nocase; ) # illuminatistudios.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001843; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|illuminatistudios|03|net"; nocase; ) # ima03.now.im [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001844; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ima03|03|now|02|im"; nocase; ) # imugoqsoakiqahi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001845; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|imugoqsoakiqahi|04|ddns|03|net"; nocase; ) # infovlasinkak.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001846; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|infovlasinkak|04|info"; nocase; ) # ingoarten.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001847; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ingoarten|03|org"; nocase; ) # intl-knapp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001848; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|intl-knapp|03|com"; nocase; ) # invoicewindow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001849; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|invoicewindow|03|com"; nocase; ) # ios9remote.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001850; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ios9remote|03|com"; nocase; ) # iosbefound.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001851; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|iosbefound|03|top"; nocase; ) # iplayer.fm [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001852; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|iplayer|02|fm"; nocase; ) # irantaraz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001853; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|irantaraz|03|com"; nocase; ) # irmatexoitn.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001854; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|irmatexoitn|04|ddns|03|net"; nocase; ) # isyncautoupdater.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001855; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|isyncautoupdater|02|in"; nocase; ) # iwork-sys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001856; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|iwork-sys|03|com"; nocase; ) # jackkk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001857; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|jackkk|03|com"; nocase; ) # jce68.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001858; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|jce68|03|com"; nocase; ) # jfglock.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001859; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|jfglock|02|ru"; nocase; ) # jhfdgjkdhgfiuyt.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001860; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|jhfdgjkdhgfiuyt|02|co|02|vu"; nocase; ) # jjeyd2u37an30.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001861; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|jjeyd2u37an30|03|com"; nocase; ) # johnsonsammy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001862; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|johnsonsammy|04|ddns|03|net"; nocase; ) # jozaglobal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001863; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|jozaglobal|03|com"; nocase; ) # js-rz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001864; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|js-rz|03|com"; nocase; ) # junomaat81.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001865; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|junomaat81|02|us"; nocase; ) # justufogame.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001866; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|justufogame|03|com"; nocase; ) # jxouhxclhzdlwa1d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001867; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|jxouhxclhzdlwa1d|03|com"; nocase; ) # k2qai2yeodm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001868; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|k2qai2yeodm|03|net"; nocase; ) # kaaalosa-set.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001869; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kaaalosa-set|03|com"; nocase; ) # kabur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001870; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|kabur|03|org"; nocase; ) # kakoi5getulo5hvov5a.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001871; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|kakoi5getulo5hvov5a|02|tk"; nocase; ) # kanafany.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001872; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|kanafany|03|org"; nocase; ) # kannada.sexy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001873; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|kannada|04|sexy|03|com"; nocase; ) # kaprizylka.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001874; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaprizylka|02|cf"; nocase; ) # kaprizylka.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001875; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kaprizylka|02|tk"; nocase; ) # kavkazcentr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001876; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|kavkazcentr|04|info"; nocase; ) # kdioqw873-kioas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001877; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|kdioqw873-kioas|03|com"; nocase; ) # kdqjqd5ni0inct1fo2ub38w.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001878; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|kdqjqd5ni0inct1fo2ub38w|04|ddns|03|net"; nocase; ) # killingmoon.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001879; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|killingmoon|03|top"; nocase; ) # kira.xxx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001880; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|kira|03|xxx"; nocase; ) # klydest.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001881; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|klydest|04|ddns|03|net"; nocase; ) # kolll.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001882; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|kolll|02|co|02|vu"; nocase; ) # koslnotreamouyer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001883; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|koslnotreamouyer|03|com"; nocase; ) # kpddkeeded.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001884; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|kpddkeeded|02|cf"; nocase; ) # kpybuhnosdrm.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001885; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kpybuhnosdrm|02|in"; nocase; ) # ktbr-virus-r3i7-detected-qkuj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001886; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1d|ktbr-virus-r3i7-detected-qkuj|03|com"; nocase; ) # kysochekvovu.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001887; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|kysochekvovu|02|ga"; nocase; ) # lacdileftre.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001888; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|lacdileftre|02|ru"; nocase; ) # lastooooomene2ie2e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001889; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|lastooooomene2ie2e|03|com"; nocase; ) # ledshoppen.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001890; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|ledshoppen|02|nl"; nocase; ) # lemdingo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001891; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lemdingo|03|com"; nocase; ) # leonardomateus131.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001892; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|leonardomateus131|04|ddns|03|net"; nocase; ) # lev1tan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001893; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|lev1tan|03|com"; nocase; ) # lifegreen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001894; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|lifegreen|03|net"; nocase; ) # lifelift.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001895; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lifelift|03|net"; nocase; ) # linkbucks.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001896; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|linkbucks|03|com"; nocase; ) # linksbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001897; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|linksbo|03|com"; nocase; ) # listennewsnetwork.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001898; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|listennewsnetwork|03|com"; nocase; ) # litpou.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001899; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|litpou|03|org"; nocase; ) # litramoloka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001900; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|litramoloka|03|com"; nocase; ) # liveservice.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001901; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|liveservice|03|biz"; nocase; ) # living-help.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001902; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|living-help|03|com"; nocase; ) # lkjhgf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001903; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|lkjhgf|02|eu"; nocase; ) # lkjhgfdsa01.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001904; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|lkjhgfdsa01|03|xyz"; nocase; ) # loanscrub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001905; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|loanscrub|03|com"; nocase; ) # localconf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001906; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|localconf|03|com"; nocase; ) # localgroupnet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001907; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|localgroupnet|03|com"; nocase; ) # loginfo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001908; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|loginfo|04|info"; nocase; ) # logottitne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001909; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|logottitne|03|com"; nocase; ) # lovemail-rus.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001910; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|lovemail-rus|03|net"; nocase; ) # lovethai.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001911; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|lovethai|04|vicp|03|net"; nocase; ) # lowbalance.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001912; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|lowbalance|02|su"; nocase; ) # ltsectur2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001913; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ltsectur2|03|com"; nocase; ) # lulzsec.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001914; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|lulzsec|04|info"; nocase; ) # m0ntecrist0.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001915; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|m0ntecrist0|02|cc"; nocase; ) # m0ntecrist0.co.ve [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001916; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|m0ntecrist0|02|co|02|ve"; nocase; ) # m2lfk2jfqdj8x1o.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001917; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|m2lfk2jfqdj8x1o|04|info"; nocase; ) # maarip.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001918; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|maarip|03|org"; nocase; ) # macsupport247.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001919; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|macsupport247|03|com"; nocase; ) # madman1.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001920; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|madman1|04|ddns|03|net"; nocase; ) # maefu1tejdt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001921; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|maefu1tejdt|03|net"; nocase; ) # maxcdnn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001922; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|maxcdnn|03|com"; nocase; ) # mbuildersny.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001923; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|mbuildersny|03|com"; nocase; ) # mdlquote.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001924; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mdlquote|03|com"; nocase; ) # mega123b.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001925; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|mega123b|04|ddns|03|net"; nocase; ) # mlhxqydhcjqvei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001926; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|mlhxqydhcjqvei|03|com"; nocase; ) # mnogochat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001927; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|mnogochat|03|com"; nocase; ) # mobileimho.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001928; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mobileimho|02|ru"; nocase; ) # molnarstuxedo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001929; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|molnarstuxedo|03|com"; nocase; ) # montiza.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001930; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|montiza|03|net"; nocase; ) # moskalskiybodun.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001931; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|moskalskiybodun|03|com"; nocase; ) # mostotransfer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001932; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|mostotransfer|03|com"; nocase; ) # motobit.cz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001933; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|motobit|02|cz"; nocase; ) # moziliafirefox.wicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001934; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|moziliafirefox|04|wicp|03|net"; nocase; ) # mozilla-plugins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001935; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|mozilla-plugins|03|com"; nocase; ) # mrwashington.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001936; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|mrwashington|02|eu"; nocase; ) # msonlineupdate.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001937; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|msonlineupdate|03|com"; nocase; ) # msr2006.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001938; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|msr2006|03|com"; nocase; ) # mssinfosys.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001939; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|mssinfosys|03|com"; nocase; ) # muvindebx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001940; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|muvindebx|02|eu"; nocase; ) # muzhikgusei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001941; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|muzhikgusei|03|com"; nocase; ) # n0vinite.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001942; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|n0vinite|03|com"; nocase; ) # nadeenk.sa [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001943; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nadeenk|02|sa"; nocase; ) # nasedrontit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001944; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|nasedrontit|03|com"; nocase; ) # nato-hq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001945; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nato-hq|03|com"; nocase; ) # nato-info.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001946; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|nato-info|03|com"; nocase; ) # nato-int.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001947; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|nato-int|03|com"; nocase; ) # nato-news.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001948; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|nato-news|03|com"; nocase; ) # natopress.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001949; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|natopress|03|org"; nocase; ) # nav1002.ath.cx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001950; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nav1002|03|ath|02|cx"; nocase; ) # nazgul.zyns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001951; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|nazgul|04|zyns|03|com"; nocase; ) # nba-79.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001952; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|nba-79|03|com"; nocase; ) # neran.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001953; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|neran|03|net"; nocase; ) # netau.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001954; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|netau|03|net"; nocase; ) # netsharepoint.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001955; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|netsharepoint|04|info"; nocase; ) # newderty.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001956; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|newderty|02|co|02|vu"; nocase; ) # newinfo32.eicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001957; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|newinfo32|04|eicp|03|net"; nocase; ) # news20158.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001958; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|news20158|02|co|02|vu"; nocase; ) # newstatisticfeeder.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001959; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|newstatisticfeeder|03|com"; nocase; ) # nightdried.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001960; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nightdried|03|net"; nocase; ) # nightfifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001961; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|nightfifteen|03|net"; nocase; ) # nimyusfhqwizzgb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001962; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|nimyusfhqwizzgb|03|com"; nocase; ) # ninthclub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001963; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ninthclub|03|com"; nocase; ) # nisog.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001964; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|nisog|02|co|02|uk"; nocase; ) # nitmurmansk.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001965; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|nitmurmansk|02|su"; nocase; ) # niubsacaosuce.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001966; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|niubsacaosuce|04|ddns|03|net"; nocase; ) # nolanbg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001967; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|nolanbg|03|com"; nocase; ) # nortiniolosto.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001968; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|nortiniolosto|03|com"; nocase; ) # notebookhk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001969; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|notebookhk|03|net"; nocase; ) # ns02.xeex.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001970; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|ns02|04|xeex|03|com"; nocase; ) # ns2.oxeo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001971; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|ns2|04|oxeo|03|com"; nocase; ) # nudiworld.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001972; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|nudiworld|03|org"; nocase; ) # nycosedfor.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001973; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|nycosedfor|02|ru"; nocase; ) # nytuvovaigavno.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001974; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|nytuvovaigavno|02|gq"; nocase; ) # o5tac1berdn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001975; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|o5tac1berdn|03|biz"; nocase; ) # objectqueries.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001976; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|objectqueries|03|net"; nocase; ) # ogovugtuipawi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001977; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ogovugtuipawi|04|ddns|03|net"; nocase; ) # oilnewsblog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001978; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|oilnewsblog|03|com"; nocase; ) # oilstates.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001979; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|oilstates|02|pw"; nocase; ) # okpole123.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001980; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|okpole123|04|ddns|03|net"; nocase; ) # omtimes.india [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001981; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|omtimes|05|india"; nocase; ) # ontiq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001982; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|ontiq|03|com"; nocase; ) # oowdesign.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001983; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|oowdesign|03|com"; nocase; ) # opmsecurity.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001984; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|opmsecurity|03|org"; nocase; ) # oqkema.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001985; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|oqkema|03|com"; nocase; ) # os-microsoft-update.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001986; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|os-microsoft-update|03|com"; nocase; ) # osce-press.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001987; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|osce-press|03|com"; nocase; ) # ovqelj.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001988; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ovqelj|02|us"; nocase; ) # oxy0qt16mfsfm23fgvo.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001989; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|oxy0qt16mfsfm23fgvo|04|ddns|03|net"; nocase; ) # pacific0147.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001990; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|pacific0147|04|ddns|03|net"; nocase; ) # papybrown.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001991; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|papybrown|04|mooo|03|com"; nocase; ) # parkingcrew.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001992; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|parkingcrew|03|net"; nocase; ) # parterledhed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001993; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|parterledhed|03|com"; nocase; ) # pass-google.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001994; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|pass-google|03|com"; nocase; ) # pay-appstore.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001995; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|pay-appstore|03|com"; nocase; ) # pcal2.dwy.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001996; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|pcal2|03|dwy|02|cc"; nocase; ) # pe.hu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001997; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|pe|02|hu"; nocase; ) # peopleunion.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001998; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|peopleunion|04|gicp|03|net"; nocase; ) # perupacotes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000001999; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|perupacotes|03|com"; nocase; ) # peter123456.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002000; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|peter123456|04|ddns|03|net"; nocase; ) # philsa.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002001; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|philsa|04|ddns|03|net"; nocase; ) # photograph.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002002; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|photograph|04|myfw|02|us"; nocase; ) # pickleweb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002003; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pickleweb|03|net"; nocase; ) # pizdakakoivovadaun.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002004; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pizdakakoivovadaun|02|gq"; nocase; ) # pizdakakoivovadaun.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002005; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pizdakakoivovadaun|02|ml"; nocase; ) # pizdakakoivovadaun.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002006; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|pizdakakoivovadaun|02|tk"; nocase; ) # pkdejexati0o4yje.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002007; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|pkdejexati0o4yje|04|ddns|03|net"; nocase; ) # pkspring.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002008; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pkspring|03|net"; nocase; ) # plaizenet.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002009; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|plaizenet|03|net"; nocase; ) # playpso.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002010; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|playpso|03|com"; nocase; ) # pnoc.vicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002011; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|pnoc|04|vicp|03|net"; nocase; ) # pocztapolska.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002012; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|pocztapolska|03|biz"; nocase; ) # podin.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002013; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|podin|03|net"; nocase; ) # poiuytre.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002014; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|poiuytre|03|org"; nocase; ) # pomppondy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002015; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pomppondy|03|net"; nocase; ) # pornokan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002016; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pornokan|03|com"; nocase; ) # pornostarz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002017; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pornostarz|03|org"; nocase; ) # pornostein.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002018; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|pornostein|03|com"; nocase; ) # privacy-live.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002019; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|privacy-live|03|com"; nocase; ) # privacy-yahoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002020; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|privacy-yahoo|03|com"; nocase; ) # profiles-google.uk.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002021; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|profiles-google|02|uk|02|to"; nocase; ) # psmt.usa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002022; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|psmt|03|usa|03|com"; nocase; ) # pstcmedia.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002023; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|pstcmedia|03|com"; nocase; ) # pusheasy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002024; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|pusheasy|03|net"; nocase; ) # q4ydijevkvalgrm4o4a.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002025; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|q4ydijevkvalgrm4o4a|04|ddns|03|net"; nocase; ) # q5w0f4n5lfm8a1p.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002026; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|q5w0f4n5lfm8a1p|04|info"; nocase; ) # qgjhmerjec.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002027; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|qgjhmerjec|04|info"; nocase; ) # qov.hu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002028; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|qov|02|hu|03|com"; nocase; ) # qtidg8khe4mrwr567na.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002029; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|qtidg8khe4mrwr567na|04|ddns|03|net"; nocase; ) # qtk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002030; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|qtk|03|com"; nocase; ) # quaverse.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002031; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|quaverse|03|com"; nocase; ) # radiobutton.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002032; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|radiobutton|04|mooo|03|com"; nocase; ) # rampagegramar.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002033; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|rampagegramar|03|com"; nocase; ) # randomwfu365.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002034; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|randomwfu365|03|com"; nocase; ) # rapidmyhardware.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002035; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|rapidmyhardware|03|com"; nocase; ) # rausers.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002036; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|rausers|03|com"; nocase; ) # rb.okta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002037; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|02|rb|04|okta|03|com"; nocase; ) # realget.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002038; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|realget|04|info"; nocase; ) # rechbaby.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002039; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|rechbaby|03|com|02|br"; nocase; ) # recordbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002040; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|recordbutter|03|net"; nocase; ) # redlrect-winav.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002041; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|redlrect-winav|03|com"; nocase; ) # regdexsecurity.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002042; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|regdexsecurity|03|com"; nocase; ) # renovationkingdom.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002043; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|renovationkingdom|03|com|02|au"; nocase; ) # responsecomputersupport.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002044; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|responsecomputersupport|03|com"; nocase; ) # resumeofinstall.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002045; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|resumeofinstall|03|org"; nocase; ) # retravopoytem.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002046; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|retravopoytem|03|com"; nocase; ) # rgoyfuadvkebxhjm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002047; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|rgoyfuadvkebxhjm|04|ddns|03|net"; nocase; ) # ricush.ath.cx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002048; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|ricush|03|ath|02|cx"; nocase; ) # romnsiebabanahujtr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002049; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|romnsiebabanahujtr|03|org"; nocase; ) # romnsiebabanahujtr2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002050; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|romnsiebabanahujtr2|03|org"; nocase; ) # rterybrstutnrsbberve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002051; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|14|rterybrstutnrsbberve|03|com"; nocase; ) # safesuns.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002052; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|safesuns|04|info"; nocase; ) # safpobdazy.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002053; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|safpobdazy|02|kz"; nocase; ) # safranchisebrands.co.za [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002054; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|safranchisebrands|02|co|02|za"; nocase; ) # salesmarkting.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002055; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|salesmarkting|02|co|02|vu"; nocase; ) # samp.lv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002056; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|samp|02|lv"; nocase; ) # san.edu.mn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002057; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|san|03|edu|02|mn"; nocase; ) # sanygroup.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002058; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|sanygroup|02|co|02|uk"; nocase; ) # saytargetworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002059; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|saytargetworld|03|net"; nocase; ) # schitskivodka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002060; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|schitskivodka|03|com"; nocase; ) # sdfochekvovu4.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002061; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sdfochekvovu4|02|gq"; nocase; ) # seasonbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002062; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|seasonbutter|03|net"; nocase; ) # secureinvoicedocs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002063; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|secureinvoicedocs|03|com"; nocase; ) # security-issue.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002064; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|security-issue|02|us"; nocase; ) # seichtechnip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002065; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|seichtechnip|03|net"; nocase; ) # senhorchico.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002066; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|senhorchico|03|com|02|br"; nocase; ) # servelatmiru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002067; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|servelatmiru|03|com"; nocase; ) # services-mails.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002068; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|services-mails|03|com"; nocase; ) # sex-3gp-mp4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002069; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sex-3gp-mp4|03|com"; nocase; ) # sex-toy-shop.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002070; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|sex-toy-shop|03|org"; nocase; ) # shatiko-mero.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002071; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|shatiko-mero|03|com"; nocase; ) # shineyourcareer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002072; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|shineyourcareer|03|com"; nocase; ) # signin-users.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002073; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|signin-users|03|com"; nocase; ) # siriomilfomu.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002074; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|siriomilfomu|04|ddns|03|net"; nocase; ) # sixsquare.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002075; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|sixsquare|03|net"; nocase; ) # sky.otzo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002076; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|sky|04|otzo|03|com"; nocase; ) # skyvideo24.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002077; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|skyvideo24|02|in|02|ua"; nocase; ) # smilydesign.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002078; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|smilydesign|03|com"; nocase; ) # smokeoffice.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002079; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|smokeoffice|03|net"; nocase; ) # softrango.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002080; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|softrango|03|com"; nocase; ) # somedocushare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002081; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|somedocushare|03|com"; nocase; ) # sopheheadusnext.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002082; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|sopheheadusnext|03|net"; nocase; ) # specthosting.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002083; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|specthosting|03|biz"; nocase; ) # speedynewsclips.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002084; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|speedynewsclips|03|com"; nocase; ) # srachechno.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002085; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|srachechno|03|com"; nocase; ) # srvdexpress4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002086; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|srvdexpress4|03|com"; nocase; ) # srvdexpress6.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002087; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|srvdexpress6|03|com"; nocase; ) # sshowmethemoney.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002088; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|sshowmethemoney|03|com"; nocase; ) # stephanomerloda.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002089; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|stephanomerloda|02|eu"; nocase; ) # storsvc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002090; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|storsvc|03|org"; nocase; ) # streamdating.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002091; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|streamdating|02|ru"; nocase; ) # streetbutter.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002092; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|streetbutter|03|net"; nocase; ) # sykavovaloh.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002093; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sykavovaloh|02|cf"; nocase; ) # sykavovaloh.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002094; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|sykavovaloh|02|tk"; nocase; ) # sykavovalohzz.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002095; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|sykavovalohzz|02|cf"; nocase; ) # symantec-inc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002096; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|symantec-inc|03|com"; nocase; ) # syncdomain.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002097; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|syncdomain|04|info"; nocase; ) # syncprovider.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002098; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|syncprovider|04|info"; nocase; ) # systemsvc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002099; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|systemsvc|03|net"; nocase; ) # tabsync.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002100; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|tabsync|03|net"; nocase; ) # tainttuy.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002101; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|tainttuy|03|xyz"; nocase; ) # tamilhits.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002102; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tamilhits|03|net"; nocase; ) # tanmii.gicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002103; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|tanmii|04|gicp|03|net"; nocase; ) # taukband.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002104; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|taukband|03|com"; nocase; ) # team4heat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002105; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|team4heat|03|net"; nocase; ) # teenpornotube.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002106; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|teenpornotube|03|org"; nocase; ) # tggtghyhyrghg.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002107; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tggtghyhyrghg|02|co|02|vu"; nocase; ) # tgtfgtoiloilkuilkui.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002108; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|tgtfgtoiloilkuilkui|02|co|02|vu"; nocase; ) # thailandbbs.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002109; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|thailandbbs|04|ddns|03|net"; nocase; ) # thesuperdeliciousnews.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002110; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|thesuperdeliciousnews|03|com"; nocase; ) # theunilab.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002111; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|theunilab|03|com"; nocase; ) # thxvideos.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002112; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|thxvideos|03|com"; nocase; ) # tibet.zyns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002113; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|tibet|04|zyns|03|com"; nocase; ) # tibetcongress.oicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002114; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|tibetcongress|04|oicp|03|net"; nocase; ) # timarols.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002115; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timarols|03|org"; nocase; ) # timechk13.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002116; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk13|03|org"; nocase; ) # timechk14.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002117; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk14|03|net"; nocase; ) # timechk17.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002118; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk17|03|com"; nocase; ) # timechk17.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002119; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk17|03|net"; nocase; ) # timechk17.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002120; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk17|03|org"; nocase; ) # timechk18.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002121; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk18|03|org"; nocase; ) # timechk20.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002122; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk20|03|com"; nocase; ) # timechk23.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002123; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk23|03|com"; nocase; ) # timechk23.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002124; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk23|03|org"; nocase; ) # timechk25.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002125; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk25|03|com"; nocase; ) # timechk27.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002126; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk27|03|org"; nocase; ) # timechk28.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002127; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|timechk28|03|org"; nocase; ) # timechk4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002128; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk4|03|com"; nocase; ) # timechk6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002129; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk6|03|org"; nocase; ) # timechk8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002130; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|timechk8|03|org"; nocase; ) # tisone360.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002131; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|tisone360|03|com"; nocase; ) # titanikvmoskalii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002132; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|titanikvmoskalii|03|com"; nocase; ) # toldbiledin.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002133; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|toldbiledin|02|ru"; nocase; ) # topbullka.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002134; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|topbullka|02|ru"; nocase; ) # torsmimyred.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002135; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|torsmimyred|02|ru"; nocase; ) # trackmytraffic.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002136; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|trackmytraffic|03|biz"; nocase; ) # tradebehind.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002137; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|tradebehind|03|net"; nocase; ) # transactiona.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002138; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|transactiona|03|com"; nocase; ) # trik.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002139; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|trik|02|su"; nocase; ) # trkbox.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002140; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|trkbox|02|ru"; nocase; ) # truecryptrussia.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002141; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|truecryptrussia|02|ru"; nocase; ) # trust-ing.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002142; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|trust-ing|03|com"; nocase; ) # tumanmoskalskiy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002143; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|tumanmoskalskiy|03|com"; nocase; ) # tweeter-stat.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002144; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|tweeter-stat|02|ru"; nocase; ) # ubeisyavovapls.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002145; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ubeisyavovapls|02|gq"; nocase; ) # ubeisyavovapls.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002146; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|ubeisyavovapls|02|tk"; nocase; ) # ubjcl5ucn9g3m.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002147; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|ubjcl5ucn9g3m|04|info"; nocase; ) # udts.de.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002148; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|udts|02|de|02|vu"; nocase; ) # ufrasequcoequdi.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002149; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|ufrasequcoequdi|04|ddns|03|net"; nocase; ) # ultrasoft.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002150; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|ultrasoft|02|in"; nocase; ) # umashadilauru.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002151; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|umashadilauru|04|ddns|03|net"; nocase; ) # unitar.cms.my [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002152; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|unitar|03|cms|02|my"; nocase; ) # unlearnt.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002153; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|unlearnt|02|in"; nocase; ) # update.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002154; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|update|04|ddns|03|net"; nocase; ) # updatemarketltd.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002155; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|updatemarketltd|02|in"; nocase; ) # upgratedns.zyns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002156; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|upgratedns|04|zyns|03|com"; nocase; ) # uptime.uae.kim [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002157; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|uptime|03|uae|03|kim"; nocase; ) # uquoointime.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002158; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|uquoointime|03|net"; nocase; ) # usa-moon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002159; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|usa-moon|03|net"; nocase; ) # usababa.myfw.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002160; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|usababa|04|myfw|02|us"; nocase; ) # useralcliclient.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002161; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|useralcliclient|02|me"; nocase; ) # uyghur.sov.tw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002162; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|uyghur|03|sov|02|tw"; nocase; ) # vdrygvovanemydak3.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002163; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vdrygvovanemydak3|02|tk"; nocase; ) # velevtattoo.bg [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002164; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|velevtattoo|02|bg"; nocase; ) # vemisaio.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002165; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|vemisaio|03|org"; nocase; ) # verification-identity.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002166; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|verification-identity|03|biz"; nocase; ) # verified-deal.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002167; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|verified-deal|03|com"; nocase; ) # vertus-adusa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002168; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|vertus-adusa|03|com"; nocase; ) # videoreview247.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002169; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|videoreview247|03|com"; nocase; ) # videosearcher.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002170; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|videosearcher|03|org"; nocase; ) # videoss.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002171; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|videoss|02|in|02|ua"; nocase; ) # vietkey.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002172; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|vietkey|04|xicp|03|net"; nocase; ) # vipmailru.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002173; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|vipmailru|03|com"; nocase; ) # vireacvio.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002174; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|vireacvio|04|ddns|03|net"; nocase; ) # vitevecaasbaim.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002175; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vitevecaasbaim|04|ddns|03|net"; nocase; ) # vladivkansada.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002176; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|vladivkansada|04|info"; nocase; ) # vo55nehuevotak.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002177; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vo55nehuevotak|02|cf"; nocase; ) # vovapizdadolboeb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002178; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovapizdadolboeb|02|tk"; nocase; ) # vovapizdadolboebgh.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002179; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapizdadolboebgh|02|ga"; nocase; ) # vovapizdadolboebgh.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002180; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapizdadolboebgh|02|gq"; nocase; ) # vovapro100gandon.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002181; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovapro100gandon|02|tk"; nocase; ) # vovapro100gandon23.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002182; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|12|vovapro100gandon23|02|gq"; nocase; ) # vovegarfdghhtom.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002183; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|vovegarfdghhtom|02|cf"; nocase; ) # vovegaryackoletom.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002184; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|vovegaryackoletom|02|cf"; nocase; ) # voveholodnozimoi.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002185; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|voveholodnozimoi|02|ga"; nocase; ) # voveholodnozimoi.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002186; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|voveholodnozimoi|02|ml"; nocase; ) # vovenehuevotak.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002187; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|ga"; nocase; ) # vovenehuevotak.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002188; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vovenehuevotak|02|gq"; nocase; ) # vovewegdfnozimoi.cf [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002189; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovewegdfnozimoi|02|cf"; nocase; ) # vovewegdfnozimoi.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002190; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|vovewegdfnozimoi|02|gq"; nocase; ) # vtvykahskh9m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002191; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|vtvykahskh9m|03|com"; nocase; ) # vxuiweipowe92j.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002192; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|vxuiweipowe92j|03|com"; nocase; ) # waktrick.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002193; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|waktrick|03|com"; nocase; ) # wallnet.zyns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002194; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|wallnet|04|zyns|03|com"; nocase; ) # wantools40.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002195; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|wantools40|03|com"; nocase; ) # webbizwild.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002196; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|webbizwild|03|com"; nocase; ) # webhop.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002197; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|webhop|04|info"; nocase; ) # webmailgoogle.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002198; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|webmailgoogle|03|com"; nocase; ) # wefandurtix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002199; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|wefandurtix|03|com"; nocase; ) # wertstumbahn.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002200; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|wertstumbahn|02|ru"; nocase; ) # westinqhousenuclear.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002201; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|westinqhousenuclear|03|com"; nocase; ) # wetguqan.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002202; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|wetguqan|02|ru"; nocase; ) # wha.la [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002203; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|wha|02|la"; nocase; ) # widifu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002204; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|widifu|03|com"; nocase; ) # williasom.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002205; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|williasom|04|ddns|03|net"; nocase; ) # window-defender-security-alert.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002206; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|1e|window-defender-security-alert|04|info"; nocase; ) # windows-notifications.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002207; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|15|windows-notifications|03|com"; nocase; ) # winupdateonline.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002208; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|winupdateonline|03|com"; nocase; ) # wip.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002209; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|wip|03|com"; nocase; ) # wj32.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002210; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|wj32|03|org"; nocase; ) # wodebeizi119.jkub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002211; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|wodebeizi119|04|jkub|03|com"; nocase; ) # wordpress-catalog.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002212; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|wordpress-catalog|03|com"; nocase; ) # workwithdocuments.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002213; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|workwithdocuments|03|com"; nocase; ) # worldnewsonline.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002214; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|worldnewsonline|02|pw"; nocase; ) # wpqkvmpezecumbvl7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002215; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|11|wpqkvmpezecumbvl7|03|com"; nocase; ) # wsghbfgb.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002216; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|wsghbfgb|02|co|02|vu"; nocase; ) # www.jpta.jp [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002217; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|jpta|02|jp"; nocase; ) # www.powr.io [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002218; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|powr|02|io"; nocase; ) # www.svsk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002219; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|svsk|03|net"; nocase; ) # www.vxea.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002220; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|www|04|vxea|03|com"; nocase; ) # wxanalytics.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002221; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|wxanalytics|02|ru"; nocase; ) # xaaag.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002222; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|xaaag|03|com"; nocase; ) # xiupfisuaw.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002223; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|xiupfisuaw|04|ddns|03|net"; nocase; ) # xoegfeima.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002224; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|xoegfeima|04|ddns|03|net"; nocase; ) # xumooruthfull.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002225; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|xumooruthfull|03|net"; nocase; ) # xvideosock.vn.hn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002226; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|xvideosock|02|vn|02|hn"; nocase; ) # xxx.fap.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002227; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|03|xxx|03|fap|02|to"; nocase; ) # yamenswash.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002228; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|yamenswash|03|com"; nocase; ) # yangdex.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002229; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|yangdex|03|org"; nocase; ) # yhtooo.co.vu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002230; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|06|yhtooo|02|co|02|vu"; nocase; ) # youturbe.co.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002231; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|youturbe|02|co|02|cc"; nocase; ) # yt1ng6583vk8av5rwfy.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002232; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|yt1ng6583vk8av5rwfy|04|ddns|03|net"; nocase; ) # yvgxmrurslexuty.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002233; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0f|yvgxmrurslexuty|04|ddns|03|net"; nocase; ) # z376dfe4955a257a78944864dd0158d172.ws [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002234; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|22|z376dfe4955a257a78944864dd0158d172|02|ws"; nocase; ) # zabeirotvova.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002235; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zabeirotvova|02|ga"; nocase; ) # zarafint.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002236; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|08|zarafint|03|org"; nocase; ) # zbqaf5zcv9s3x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002237; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zbqaf5zcv9s3x|03|biz"; nocase; ) # zhalehziba.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002238; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0a|zhalehziba|03|com"; nocase; ) # zmbkfrdpnaec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002239; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0c|zmbkfrdpnaec|03|com"; nocase; ) # zumo-afetuk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002240; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|zumo-afetuk|03|com"; nocase; ) # zvovapeterda1.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002241; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zvovapeterda1|02|tk"; nocase; ) # zvovapeterda6.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002242; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0d|zvovapeterda6|02|gq"; nocase; ) # 0xota.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002243; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|0xota|03|com"; nocase; ) # 1001010.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002244; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|1001010|03|org"; nocase; ) # 12-68.xicp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002245; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|12-68|04|xicp|03|net"; nocase; ) # 16qvklkb3b58sfix54kf5lq.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002246; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|17|16qvklkb3b58sfix54kf5lq|04|ddns|03|net"; nocase; ) # 18andabused.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002247; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0b|18andabused|03|com"; nocase; ) # 1qw2.wha.la [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002248; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|1qw2|03|wha|02|la"; nocase; ) # 1vyrexifwt5rqpwvepm.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002249; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|13|1vyrexifwt5rqpwvepm|04|ddns|03|net"; nocase; ) # 21sexlory.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002250; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|09|21sexlory|03|com"; nocase; ) # 24onlineskyvideo.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002251; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|10|24onlineskyvideo|04|info"; nocase; ) # 2696666.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002252; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|07|2696666|03|com"; nocase; ) # 2kjb8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002253; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|05|2kjb8|03|net"; nocase; ) # 3322.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002254; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|04|3322|03|org"; nocase; ) # 394iopwekmcopw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002255; reference:urlssl,www.threatcrowd.org/feeds/domains.txt; priority:1; content:"|0e|394iopwekmcopw|03|com"; nocase; ) # formail.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002256; reference:url,www.spamhaus.org/query/dbl?domain=formail.su; priority:1; content:"|07|formail|02|su"; nocase; ) # gromovieotvodidiejj40.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002257; reference:url,www.spamhaus.org/query/dbl?domain=gromovieotvodidiejj40.net; priority:1; content:"|15|gromovieotvodidiejj40|03|net"; nocase; ) # evarisms.bl.ee [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002258; reference:url,www.spamhaus.org/query/dbl?domain=evarisms.bl.ee; priority:1; content:"|08|evarisms|02|bl|02|ee"; nocase; ) # joyrideengend.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002259; reference:url,www.spamhaus.org/query/dbl?domain=joyrideengend.net; priority:1; content:"|0d|joyrideengend|03|net"; nocase; ) # flexinlala.grandshost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002260; reference:url,www.spamhaus.org/query/dbl?domain=flexinlala.grandshost.com; priority:1; content:"|0a|flexinlala|0a|grandshost|03|com"; nocase; ) # ponnammaleducationaltrust.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002261; reference:url,www.spamhaus.org/query/dbl?domain=ponnammaleducationaltrust.org; priority:1; content:"|19|ponnammaleducationaltrust|03|org"; nocase; ) # maxapps.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002262; reference:url,www.spamhaus.org/query/dbl?domain=maxapps.pl; priority:1; content:"|07|maxapps|02|pl"; nocase; ) # nq.sytes.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002263; reference:url,www.spamhaus.org/query/dbl?domain=nq.sytes.net; priority:1; content:"|02|nq|05|sytes|03|net"; nocase; ) # loj7g.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002264; reference:url,www.spamhaus.org/query/dbl?domain=loj7g.cz.cc; priority:1; content:"|05|loj7g|02|cz|02|cc"; nocase; ) # melko.allalla.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002265; reference:url,www.spamhaus.org/query/dbl?domain=melko.allalla.com; priority:1; content:"|05|melko|07|allalla|03|com"; nocase; ) # oshelveticagnk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002266; reference:url,www.spamhaus.org/query/dbl?domain=oshelveticagnk.com; priority:1; content:"|0e|oshelveticagnk|03|com"; nocase; ) # sp11bialystok.neostrada.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002267; reference:url,www.spamhaus.org/query/dbl?domain=sp11bialystok.neostrada.pl; priority:1; content:"|0d|sp11bialystok|09|neostrada|02|pl"; nocase; ) # new-friha.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002268; reference:url,www.spamhaus.org/query/dbl?domain=new-friha.cz.cc; priority:1; content:"|09|new-friha|02|cz|02|cc"; nocase; ) # onestopinstru.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002269; reference:url,www.spamhaus.org/query/dbl?domain=onestopinstru.net; priority:1; content:"|0d|onestopinstru|03|net"; nocase; ) # vcoverage.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002270; reference:url,www.spamhaus.org/query/dbl?domain=vcoverage.net; priority:1; content:"|09|vcoverage|03|net"; nocase; ) # silvuple.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002271; reference:url,www.spamhaus.org/query/dbl?domain=silvuple.org; priority:1; content:"|08|silvuple|03|org"; nocase; ) # www.netropoton.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002272; reference:url,www.spamhaus.org/query/dbl?domain=www.netropoton.com; priority:1; content:"|03|www|0a|netropoton|03|com"; nocase; ) # shaliron.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002273; reference:url,www.spamhaus.org/query/dbl?domain=shaliron.cz.cc; priority:1; content:"|08|shaliron|02|cz|02|cc"; nocase; ) # upfile.url.ph [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002274; reference:url,www.spamhaus.org/query/dbl?domain=upfile.url.ph; priority:1; content:"|06|upfile|03|url|02|ph"; nocase; ) # marytraders.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002275; reference:url,www.spamhaus.org/query/dbl?domain=marytraders.in; priority:1; content:"|0b|marytraders|02|in"; nocase; ) # yrpdgiti.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002276; reference:url,www.spamhaus.org/query/dbl?domain=yrpdgiti.cz.cc; priority:1; content:"|08|yrpdgiti|02|cz|02|cc"; nocase; ) # unicorn.bl.ee [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002277; reference:url,www.spamhaus.org/query/dbl?domain=unicorn.bl.ee; priority:1; content:"|07|unicorn|02|bl|02|ee"; nocase; ) # w2c.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002278; reference:url,www.spamhaus.org/query/dbl?domain=w2c.ru; priority:1; content:"|03|w2c|02|ru"; nocase; ) # www.loongweed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002279; reference:url,www.spamhaus.org/query/dbl?domain=www.loongweed.com; priority:1; content:"|03|www|09|loongweed|03|com"; nocase; ) # lamonde.uni.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002280; reference:url,www.spamhaus.org/query/dbl?domain=lamonde.uni.me; priority:1; content:"|07|lamonde|03|uni|02|me"; nocase; ) # prosperobaro.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002281; reference:url,www.spamhaus.org/query/dbl?domain=prosperobaro.in; priority:1; content:"|0c|prosperobaro|02|in"; nocase; ) # willubmyscr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002282; reference:url,www.spamhaus.org/query/dbl?domain=willubmyscr.com; priority:1; content:"|0b|willubmyscr|03|com"; nocase; ) # akunamatata.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002283; reference:url,www.spamhaus.org/query/dbl?domain=akunamatata.cz.cc; priority:1; content:"|0b|akunamatata|02|cz|02|cc"; nocase; ) # aiirmr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002284; reference:url,www.spamhaus.org/query/dbl?domain=aiirmr.com; priority:1; content:"|06|aiirmr|03|com"; nocase; ) # eriwa.uni.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002285; reference:url,www.spamhaus.org/query/dbl?domain=eriwa.uni.me; priority:1; content:"|05|eriwa|03|uni|02|me"; nocase; ) # www.lfjiayi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002286; reference:url,www.spamhaus.org/query/dbl?domain=www.lfjiayi.com; priority:1; content:"|03|www|07|lfjiayi|03|com"; nocase; ) # ecstasy.sx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002287; reference:url,www.spamhaus.org/query/dbl?domain=ecstasy.sx; priority:1; content:"|07|ecstasy|02|sx"; nocase; ) # mail.honeybot.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002288; reference:url,www.spamhaus.org/query/dbl?domain=mail.honeybot.us; priority:1; content:"|04|mail|08|honeybot|02|us"; nocase; ) # destnarrowweek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002289; reference:url,www.spamhaus.org/query/dbl?domain=destnarrowweek.com; priority:1; content:"|0e|destnarrowweek|03|com"; nocase; ) # ns2.honeybot.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002290; reference:url,www.spamhaus.org/query/dbl?domain=ns2.honeybot.us; priority:1; content:"|03|ns2|08|honeybot|02|us"; nocase; ) # donquertofear.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002291; reference:url,www.spamhaus.org/query/dbl?domain=donquertofear.com; priority:1; content:"|0d|donquertofear|03|com"; nocase; ) # dortehthisnet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002292; reference:url,www.spamhaus.org/query/dbl?domain=dortehthisnet.com; priority:1; content:"|0d|dortehthisnet|03|com"; nocase; ) # o8rad5ccx9f3r.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002293; reference:url,www.spamhaus.org/query/dbl?domain=o8rad5ccx9f3r.net; priority:1; content:"|0d|o8rad5ccx9f3r|03|net"; nocase; ) # ng.marketallone.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002294; reference:url,www.spamhaus.org/query/dbl?domain=ng.marketallone.com; priority:1; content:"|02|ng|0c|marketallone|03|com"; nocase; ) # dd.ka3ek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002295; reference:url,www.spamhaus.org/query/dbl?domain=dd.ka3ek.com; priority:1; content:"|02|dd|05|ka3ek|03|com"; nocase; ) # omstbriyhtgkuhxpi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002296; reference:url,www.spamhaus.org/query/dbl?domain=omstbriyhtgkuhxpi.com; priority:1; content:"|11|omstbriyhtgkuhxpi|03|com"; nocase; ) # hub3.toikgame.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002297; reference:url,www.spamhaus.org/query/dbl?domain=hub3.toikgame.com; priority:1; content:"|04|hub3|08|toikgame|03|com"; nocase; ) # xi.r4t.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002298; reference:url,www.spamhaus.org/query/dbl?domain=xi.r4t.biz; priority:1; content:"|02|xi|03|r4t|03|biz"; nocase; ) # againstfifteen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002299; reference:url,www.spamhaus.org/query/dbl?domain=againstfifteen.net; priority:1; content:"|0e|againstfifteen|03|net"; nocase; ) # appridefirstcom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002300; reference:url,www.spamhaus.org/query/dbl?domain=appridefirstcom.com; priority:1; content:"|0f|appridefirstcom|03|com"; nocase; ) # alertmymail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002301; reference:url,www.spamhaus.org/query/dbl?domain=alertmymail.com; priority:1; content:"|0b|alertmymail|03|com"; nocase; ) # applemedia1236.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002302; reference:url,www.spamhaus.org/query/dbl?domain=applemedia1236.com; priority:1; content:"|0e|applemedia1236|03|com"; nocase; ) # google-dns-public.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002303; reference:url,www.spamhaus.org/query/dbl?domain=google-dns-public.com; priority:1; content:"|11|google-dns-public|03|com"; nocase; ) # betterbroad.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002304; reference:url,www.spamhaus.org/query/dbl?domain=betterbroad.net; priority:1; content:"|0b|betterbroad|03|net"; nocase; ) # vesnarusural.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - malware"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002305; reference:url,www.spamhaus.org/query/dbl?domain=vesnarusural.ru; priority:1; content:"|0c|vesnarusural|02|ru"; nocase; ) # votublist.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002306; reference:url,www.spamhaus.org/query/dbl?domain=votublist.com; priority:1; content:"|09|votublist|03|com"; nocase; ) # fedorena.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002307; reference:url,www.spamhaus.org/query/dbl?domain=fedorena.com; priority:1; content:"|08|fedorena|03|com"; nocase; ) # helpcenter1it6238.cz.cc [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002308; reference:url,www.spamhaus.org/query/dbl?domain=helpcenter1it6238.cz.cc; priority:1; content:"|11|helpcenter1it6238|02|cz|02|cc"; nocase; ) # luckydaydirect.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002309; reference:url,www.spamhaus.org/query/dbl?domain=luckydaydirect.info; priority:1; content:"|0e|luckydaydirect|04|info"; nocase; ) # mag8u1tejdt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002310; reference:url,www.spamhaus.org/query/dbl?domain=mag8u1tejdt.biz; priority:1; content:"|0b|mag8u1tejdt|03|biz"; nocase; ) # mediacontent2.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002311; reference:url,www.spamhaus.org/query/dbl?domain=mediacontent2.us; priority:1; content:"|0d|mediacontent2|02|us"; nocase; ) # rebteugrigh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002312; reference:url,www.spamhaus.org/query/dbl?domain=rebteugrigh.com; priority:1; content:"|0b|rebteugrigh|03|com"; nocase; ) # idthentehed.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002313; reference:url,www.spamhaus.org/query/dbl?domain=idthentehed.com; priority:1; content:"|0b|idthentehed|03|com"; nocase; ) # richdilly.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002314; reference:url,www.spamhaus.org/query/dbl?domain=richdilly.com; priority:1; content:"|09|richdilly|03|com"; nocase; ) # csu.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002315; reference:url,www.spamhaus.org/query/dbl?domain=csu.su; priority:1; content:"|03|csu|02|su"; nocase; ) # cyberwise.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002316; reference:url,www.spamhaus.org/query/dbl?domain=cyberwise.biz; priority:1; content:"|09|cyberwise|03|biz"; nocase; ) # intelligiblemailer.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002317; reference:url,www.spamhaus.org/query/dbl?domain=intelligiblemailer.eu; priority:1; content:"|12|intelligiblemailer|02|eu"; nocase; ) # mukosoma.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002318; reference:url,www.spamhaus.org/query/dbl?domain=mukosoma.com; priority:1; content:"|08|mukosoma|03|com"; nocase; ) # x7sbu5hcg9b3f.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002319; reference:url,www.spamhaus.org/query/dbl?domain=x7sbu5hcg9b3f.net; priority:1; content:"|0d|x7sbu5hcg9b3f|03|net"; nocase; ) # updatewindowsplayer.gq [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002320; reference:url,www.spamhaus.org/query/dbl?domain=updatewindowsplayer.gq; priority:1; content:"|13|updatewindowsplayer|02|gq"; nocase; ) # ysg9ivv311.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002321; reference:url,www.spamhaus.org/query/dbl?domain=ysg9ivv311.com; priority:1; content:"|0a|ysg9ivv311|03|com"; nocase; ) # error.hostinger.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet,rdata"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002322; reference:url,www.spamhaus.org/query/dbl?domain=unicorn.bl.ee; priority:1; content:"|05|error|09|hostinger|02|eu"; nocase; ) # www.chemicalguysmexico.com.mx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002323; reference:url,www.spamhaus.org/query/dbl?domain=www.chemicalguysmexico.com.mx; priority:1; content:"|03|www|12|chemicalguysmexico|03|com|02|mx"; nocase; ) # iprotect.com.my [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002324; reference:url,www.spamhaus.org/query/dbl?domain=iprotect.com.my; priority:1; content:"|08|iprotect|03|com|02|my"; nocase; ) # ns1.www.madunixxx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002325; reference:url,www.spamhaus.org/query/dbl?domain=ns1.www.madunixxx.ru; priority:1; content:"|03|ns1|03|www|09|madunixxx|02|ru"; nocase; ) # www.cefix.com.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002326; reference:url,www.spamhaus.org/query/dbl?domain=www.cefix.com.tr; priority:1; content:"|03|www|05|cefix|03|com|02|tr"; nocase; ) # www.arthurwinley.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002327; reference:url,www.spamhaus.org/query/dbl?domain=www.arthurwinley.com; priority:1; content:"|03|www|0c|arthurwinley|03|com"; nocase; ) # ns1.honeybot.us [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002328; reference:url,www.spamhaus.org/query/dbl?domain=ns1.honeybot.us; priority:1; content:"|03|ns1|08|honeybot|02|us"; nocase; ) # www.hairwearebeautyboutique.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002329; reference:url,www.spamhaus.org/query/dbl?domain=www.hairwearebeautyboutique.com; priority:1; content:"|03|www|17|hairwearebeautyboutique|03|com"; nocase; ) # 516515-de-prob-kenntnis-nachweis.schutz-schutz.ml [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002330; reference:url,www.spamhaus.org/query/dbl?domain=516515-de-prob-kenntnis-nachweis.schutz-schutz.ml; priority:1; content:"|20|516515-de-prob-kenntnis-nachweis|0d|schutz-schutz|02|ml"; nocase; ) # paypa1.update.hollywoodshowgirls.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002331; reference:url,www.spamhaus.org/query/dbl?domain=paypa1.update.hollywoodshowgirls.com.au; priority:1; content:"|06|paypa1|06|update|12|hollywoodshowgirls|03|com|02|au"; nocase; ) # www.ssaua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002332; reference:url,www.spamhaus.org/query/dbl?domain=www.ssaua.org; priority:1; content:"|03|www|05|ssaua|03|org"; nocase; ) # www.griffin-media.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002333; reference:url,www.spamhaus.org/query/dbl?domain=www.griffin-media.com; priority:1; content:"|03|www|0d|griffin-media|03|com"; nocase; ) # www.accountinfos.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002334; reference:url,www.spamhaus.org/query/dbl?domain=www.accountinfos.info; priority:1; content:"|03|www|0c|accountinfos|04|info"; nocase; ) # irc.eu.immortal-anime.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002335; reference:url,www.spamhaus.org/query/dbl?domain=irc.eu.immortal-anime.net; priority:1; content:"|03|irc|02|eu|0e|immortal-anime|03|net"; nocase; ) # ns1.heaventreewebhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002336; reference:url,www.spamhaus.org/query/dbl?domain=ns1.heaventreewebhost.com; priority:1; content:"|03|ns1|11|heaventreewebhost|03|com"; nocase; ) # www.coffeeguru.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002337; reference:url,www.spamhaus.org/query/dbl?domain=www.coffeeguru.it; priority:1; content:"|03|www|0a|coffeeguru|02|it"; nocase; ) # 03a6f57.netsolhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002338; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=03a6f57.netsolhost.com; priority:1; content:"|07|03a6f57|0a|netsolhost|03|com"; nocase; ) # 0if1nl6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002339; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=0if1nl6.org; priority:1; content:"|07|0if1nl6|03|org"; nocase; ) # ahmedashid.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002340; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ahmedashid.com; priority:1; content:"|0a|ahmedashid|03|com"; nocase; ) # anlacviettravel.com.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002341; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=anlacviettravel.com.vn; priority:1; content:"|0f|anlacviettravel|03|com|02|vn"; nocase; ) # arthur-thomas.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002342; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=arthur-thomas.info; priority:1; content:"|0d|arthur-thomas|04|info"; nocase; ) # atmape.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002343; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=atmape.ru; priority:1; content:"|06|atmape|02|ru"; nocase; ) # bestdove.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002344; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bestdove.in.ua; priority:1; content:"|08|bestdove|02|in|02|ua"; nocase; ) # bethelnorthbay.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002345; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bethelnorthbay.com; priority:1; content:"|0e|bethelnorthbay|03|com"; nocase; ) # bin1.kns1.al [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002346; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bin1.kns1.al; priority:1; content:"|04|bin1|04|kns1|02|al"; nocase; ) # brausincsystem.pro [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002347; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=brausincsystem.pro; priority:1; content:"|0e|brausincsystem|03|pro"; nocase; ) # bright.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002348; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bright.su; priority:1; content:"|06|bright|02|su"; nocase; ) # bryckerhire.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002349; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bryckerhire.com.au; priority:1; content:"|0b|bryckerhire|03|com|02|au"; nocase; ) # bubbliezsisters.com.my [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002350; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bubbliezsisters.com.my; priority:1; content:"|0f|bubbliezsisters|03|com|02|my"; nocase; ) # capacitacion.inami.gob.mx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002351; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=capacitacion.inami.gob.mx; priority:1; content:"|0c|capacitacion|05|inami|03|gob|02|mx"; nocase; ) # chambercb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002352; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=chambercb.tk; priority:1; content:"|09|chambercb|02|tk"; nocase; ) # championbft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002353; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=championbft.com; priority:1; content:"|0b|championbft|03|com"; nocase; ) # cp53072.cloudhosting.lv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002354; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cp53072.cloudhosting.lv; priority:1; content:"|07|cp53072|0c|cloudhosting|02|lv"; nocase; ) # crimunalbot001.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002355; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=crimunalbot001.ga; priority:1; content:"|0e|crimunalbot001|02|ga"; nocase; ) # danislenefc.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002356; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=danislenefc.info; priority:1; content:"|0b|danislenefc|04|info"; nocase; ) # dasch.pl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002357; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dasch.pl; priority:1; content:"|05|dasch|02|pl"; nocase; ) # delaponitan.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002358; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=delaponitan.pw; priority:1; content:"|0b|delaponitan|02|pw"; nocase; ) # dlauten.bplaced.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002359; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dlauten.bplaced.net; priority:1; content:"|07|dlauten|07|bplaced|03|net"; nocase; ) # domifondery.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002360; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=domifondery.com; priority:1; content:"|0b|domifondery|03|com"; nocase; ) # dominoziele.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002361; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dominoziele.pw; priority:1; content:"|0b|dominoziele|02|pw"; nocase; ) # eavgwy5suy.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002362; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=eavgwy5suy.tk; priority:1; content:"|0a|eavgwy5suy|02|tk"; nocase; ) # escuelanet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002363; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=escuelanet.com; priority:1; content:"|0a|escuelanet|03|com"; nocase; ) # fapet.ipb.ac.id [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002364; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=fapet.ipb.ac.id; priority:1; content:"|05|fapet|03|ipb|02|ac|02|id"; nocase; ) # finalcrashtest.co.nz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002365; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=finalcrashtest.co.nz; priority:1; content:"|0e|finalcrashtest|02|co|02|nz"; nocase; ) # genteatsss.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002366; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=genteatsss.com; priority:1; content:"|0a|genteatsss|03|com"; nocase; ) # gskpresident.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002367; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=gskpresident.tk; priority:1; content:"|0c|gskpresident|02|tk"; nocase; ) # icleanforyou.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002368; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=icleanforyou.com.au; priority:1; content:"|0c|icleanforyou|03|com|02|au"; nocase; ) # imamnhearte.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002369; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=imamnhearte.hotmail.ru; priority:1; content:"|0b|imamnhearte|07|hotmail|02|ru"; nocase; ) # jacoblanderville.myjino.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002370; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=jacoblanderville.myjino.ru; priority:1; content:"|10|jacoblanderville|06|myjino|02|ru"; nocase; ) # joepussy.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002371; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=joepussy.tk; priority:1; content:"|08|joepussy|02|tk"; nocase; ) # juanadearco.com.uy [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002372; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=juanadearco.com.uy; priority:1; content:"|0b|juanadearco|03|com|02|uy"; nocase; ) # jump1ng.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002373; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=jump1ng.net; priority:1; content:"|07|jump1ng|03|net"; nocase; ) # kesikelyaf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002374; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kesikelyaf.com; priority:1; content:"|0a|kesikelyaf|03|com"; nocase; ) # kraonkelaere.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002375; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kraonkelaere.com; priority:1; content:"|0c|kraonkelaere|03|com"; nocase; ) # krestenbv.nl [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002376; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=krestenbv.nl; priority:1; content:"|09|krestenbv|02|nl"; nocase; ) # lp.sa-baba.co.il [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002377; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=lp.sa-baba.co.il; priority:1; content:"|02|lp|07|sa-baba|02|co|02|il"; nocase; ) # madaniashop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002378; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=madaniashop.com; priority:1; content:"|0b|madaniashop|03|com"; nocase; ) # maminoleinc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002379; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=maminoleinc.tk; priority:1; content:"|0b|maminoleinc|02|tk"; nocase; ) # matt001.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002380; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=matt001.tk; priority:1; content:"|07|matt001|02|tk"; nocase; ) # metromall.good-media.co.il [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002381; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=metromall.good-media.co.il; priority:1; content:"|09|metromall|0a|good-media|02|co|02|il"; nocase; ) # myfcb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002382; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=myfcb.tk; priority:1; content:"|05|myfcb|02|tk"; nocase; ) # mymytonnymaxltd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002383; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mymytonnymaxltd.org; priority:1; content:"|0f|mymytonnymaxltd|03|org"; nocase; ) # newsmedia.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002384; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=newsmedia.com.br; priority:1; content:"|09|newsmedia|03|com|02|br"; nocase; ) # ns416017.ip-37-187-144.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002385; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ns416017.ip-37-187-144.eu; priority:1; content:"|08|ns416017|0d|ip-37-187-144|02|eu"; nocase; ) # obyno.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002386; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=obyno.xyz; priority:1; content:"|05|obyno|03|xyz"; nocase; ) # pharmaspan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002387; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=pharmaspan.com; priority:1; content:"|0a|pharmaspan|03|com"; nocase; ) # physiotherapyusa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002388; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=physiotherapyusa.org; priority:1; content:"|10|physiotherapyusa|03|org"; nocase; ) # portal.100am100.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002389; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=portal.100am100.kz; priority:1; content:"|06|portal|08|100am100|02|kz"; nocase; ) # registerdrivegoogle.sytes.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002390; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=registerdrivegoogle.sytes.net; priority:1; content:"|13|registerdrivegoogle|05|sytes|03|net"; nocase; ) # sdhfjksdhfjksdh.biz.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002391; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sdhfjksdhfjksdh.biz.ua; priority:1; content:"|0f|sdhfjksdhfjksdh|03|biz|02|ua"; nocase; ) # servmill.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002392; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=servmill.com; priority:1; content:"|08|servmill|03|com"; nocase; ) # shammah.openbrazil.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002393; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=shammah.openbrazil.org; priority:1; content:"|07|shammah|0a|openbrazil|03|org"; nocase; ) # spotmarka.ap0x.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002394; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=spotmarka.ap0x.com; priority:1; content:"|09|spotmarka|04|ap0x|03|com"; nocase; ) # systemhelpr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002395; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=systemhelpr.com; priority:1; content:"|0b|systemhelpr|03|com"; nocase; ) # tekchuks.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002396; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekchuks.xyz; priority:1; content:"|08|tekchuks|03|xyz"; nocase; ) # thegreenwayup.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002397; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=thegreenwayup.com; priority:1; content:"|0d|thegreenwayup|03|com"; nocase; ) # tronuprising.heliohost.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002398; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tronuprising.heliohost.org; priority:1; content:"|0c|tronuprising|09|heliohost|03|org"; nocase; ) # webtahmin.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002399; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=webtahmin.com; priority:1; content:"|09|webtahmin|03|com"; nocase; ) # www.bilbobaggins.comxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002400; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.bilbobaggins.comxa.com; priority:1; content:"|03|www|0c|bilbobaggins|05|comxa|03|com"; nocase; ) # www.danielevarriale.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002401; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.danielevarriale.it; priority:1; content:"|03|www|0f|danielevarriale|02|it"; nocase; ) # www.florin-skincare.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002402; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.florin-skincare.com; priority:1; content:"|03|www|0f|florin-skincare|03|com"; nocase; ) # www.foxload.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002403; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.foxload.in.net; priority:1; content:"|03|www|07|foxload|02|in|03|net"; nocase; ) # www.halfwayfilm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002404; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.halfwayfilm.com; priority:1; content:"|03|www|0b|halfwayfilm|03|com"; nocase; ) # www.horizonmagazine.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002405; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.horizonmagazine.com; priority:1; content:"|03|www|0f|horizonmagazine|03|com"; nocase; ) # www.jobdeliver.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002406; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.jobdeliver.tk; priority:1; content:"|03|www|0a|jobdeliver|02|tk"; nocase; ) # www.personxing.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002407; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.personxing.in.net; priority:1; content:"|03|www|0a|personxing|02|in|03|net"; nocase; ) # www.proacti.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002408; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.proacti.com.br; priority:1; content:"|03|www|07|proacti|03|com|02|br"; nocase; ) # www.riverwalktrader.co.za [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002409; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.riverwalktrader.co.za; priority:1; content:"|03|www|0f|riverwalktrader|02|co|02|za"; nocase; ) # www.wecontrol-com.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002410; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.wecontrol-com.tk; priority:1; content:"|03|www|0d|wecontrol-com|02|tk"; nocase; ) # xbsezlmaha.loan [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002411; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=xbsezlmaha.loan; priority:1; content:"|0a|xbsezlmaha|04|loan"; nocase; ) # xpipemotoring.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002412; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=xpipemotoring.top; priority:1; content:"|0d|xpipemotoring|03|top"; nocase; ) # z0bu.dynu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002413; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=z0bu.dynu.com; priority:1; content:"|04|z0bu|04|dynu|03|com"; nocase; ) # z3us1.z-ed.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002414; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=z3us1.z-ed.info; priority:1; content:"|05|z3us1|04|z-ed|04|info"; nocase; ) # zabava-bel.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002415; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zabava-bel.ru; priority:1; content:"|0a|zabava-bel|02|ru"; nocase; ) # zetes.vdsinside.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002416; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zetes.vdsinside.com; priority:1; content:"|05|zetes|09|vdsinside|03|com"; nocase; ) # zhyravlik.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002417; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zhyravlik.ru; priority:1; content:"|09|zhyravlik|02|ru"; nocase; ) # zxyinternational.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002418; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zxyinternational.net; priority:1; content:"|10|zxyinternational|03|net"; nocase; ) # 76tguy6hh6tgftrt7tg.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002419; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=76tguy6hh6tgftrt7tg.su; priority:1; content:"|13|76tguy6hh6tgftrt7tg|02|su"; nocase; ) # angryshippflyforok.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002420; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=angryshippflyforok.su; priority:1; content:"|12|angryshippflyforok|02|su"; nocase; ) # arcelikpendikservisi.gen.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002421; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=arcelikpendikservisi.gen.tr; priority:1; content:"|14|arcelikpendikservisi|03|gen|02|tr"; nocase; ) # arvision.com.co [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002422; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=arvision.com.co; priority:1; content:"|08|arvision|03|com|02|co"; nocase; ) # auslaser.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002423; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=auslaser.net; priority:1; content:"|08|auslaser|03|net"; nocase; ) # axpoium.echange.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002424; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=axpoium.echange.su; priority:1; content:"|07|axpoium|07|echange|02|su"; nocase; ) # bestboy.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002425; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bestboy.top; priority:1; content:"|07|bestboy|03|top"; nocase; ) # blog.raw-recruits.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002426; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=blog.raw-recruits.com; priority:1; content:"|04|blog|0c|raw-recruits|03|com"; nocase; ) # casher777soft.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002427; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=casher777soft.pw; priority:1; content:"|0d|casher777soft|02|pw"; nocase; ) # ccpmacake.faith [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002428; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ccpmacake.faith; priority:1; content:"|09|ccpmacake|05|faith"; nocase; ) # cd31411.tmweb.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002429; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cd31411.tmweb.ru; priority:1; content:"|07|cd31411|05|tmweb|02|ru"; nocase; ) # chezhiyasweheropasl.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002430; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=chezhiyasweheropasl.su; priority:1; content:"|13|chezhiyasweheropasl|02|su"; nocase; ) # developer.cdn.com.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002431; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=developer.cdn.com.kz; priority:1; content:"|09|developer|03|cdn|03|com|02|kz"; nocase; ) # diguing-store.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002432; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=diguing-store.net; priority:1; content:"|0d|diguing-store|03|net"; nocase; ) # doubleglazing-perth.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002433; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=doubleglazing-perth.com.au; priority:1; content:"|13|doubleglazing-perth|03|com|02|au"; nocase; ) # duty.sitatech.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002434; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=duty.sitatech.org; priority:1; content:"|04|duty|08|sitatech|03|org"; nocase; ) # eresimgbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002435; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=eresimgbo.com; priority:1; content:"|09|eresimgbo|03|com"; nocase; ) # felceconserve.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002436; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=felceconserve.com; priority:1; content:"|0d|felceconserve|03|com"; nocase; ) # finsolutions.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002437; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=finsolutions.top; priority:1; content:"|0c|finsolutions|03|top"; nocase; ) # frank1.ddf.al [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002438; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=frank1.ddf.al; priority:1; content:"|06|frank1|03|ddf|02|al"; nocase; ) # freelancergyn.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002439; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=freelancergyn.com.br; priority:1; content:"|0d|freelancergyn|03|com|02|br"; nocase; ) # fx45.pp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002440; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=fx45.pp.ru; priority:1; content:"|04|fx45|02|pp|02|ru"; nocase; ) # grupojpdecarvalho.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002441; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=grupojpdecarvalho.com.br; priority:1; content:"|11|grupojpdecarvalho|03|com|02|br"; nocase; ) # gyodundena.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002442; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=gyodundena.hotmail.ru; priority:1; content:"|0a|gyodundena|07|hotmail|02|ru"; nocase; ) # havaianasartesanais.art.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002443; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=havaianasartesanais.art.br; priority:1; content:"|13|havaianasartesanais|03|art|02|br"; nocase; ) # hui-ain-apparel.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002444; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=hui-ain-apparel.tk; priority:1; content:"|0f|hui-ain-apparel|02|tk"; nocase; ) # ijoe.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002445; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ijoe.xyz; priority:1; content:"|04|ijoe|03|xyz"; nocase; ) # interlogistics.com.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002446; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=interlogistics.com.vn; priority:1; content:"|0e|interlogistics|03|com|02|vn"; nocase; ) # islenpiding.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002447; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=islenpiding.hotmail.ru; priority:1; content:"|0b|islenpiding|07|hotmail|02|ru"; nocase; ) # jazmany.cu.ma [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002448; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=jazmany.cu.ma; priority:1; content:"|07|jazmany|02|cu|02|ma"; nocase; ) # junniper.mcdir.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002449; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=junniper.mcdir.ru; priority:1; content:"|08|junniper|05|mcdir|02|ru"; nocase; ) # karma-bodrum.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002450; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=karma-bodrum.com; priority:1; content:"|0c|karma-bodrum|03|com"; nocase; ) # katagi-weblogs.lolipop.jp [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002451; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=katagi-weblogs.lolipop.jp; priority:1; content:"|0e|katagi-weblogs|07|lolipop|02|jp"; nocase; ) # kntksales.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002452; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kntksales.tk; priority:1; content:"|09|kntksales|02|tk"; nocase; ) # leaningbokubo.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002453; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=leaningbokubo.ru; priority:1; content:"|0d|leaningbokubo|02|ru"; nocase; ) # leon10.5gbfree.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002454; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=leon10.5gbfree.com; priority:1; content:"|06|leon10|07|5gbfree|03|com"; nocase; ) # liveresellerweb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002455; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=liveresellerweb.eu; priority:1; content:"|0f|liveresellerweb|02|eu"; nocase; ) # livinglounges.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002456; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=livinglounges.su; priority:1; content:"|0d|livinglounges|02|su"; nocase; ) # luenhinpearl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002457; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=luenhinpearl.com; priority:1; content:"|0c|luenhinpearl|03|com"; nocase; ) # machine.cu.ma [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002458; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=machine.cu.ma; priority:1; content:"|07|machine|02|cu|02|ma"; nocase; ) # megastats.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002459; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=megastats.top; priority:1; content:"|09|megastats|03|top"; nocase; ) # ns513726.ip-192-99-148.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002460; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ns513726.ip-192-99-148.net; priority:1; content:"|08|ns513726|0d|ip-192-99-148|03|net"; nocase; ) # petroyeda.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002461; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=petroyeda.com; priority:1; content:"|09|petroyeda|03|com"; nocase; ) # prtscrentercn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002462; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=prtscrentercn.info; priority:1; content:"|0d|prtscrentercn|04|info"; nocase; ) # regame.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002463; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=regame.su; priority:1; content:"|06|regame|02|su"; nocase; ) # rexafajay.axfree.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002464; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rexafajay.axfree.com; priority:1; content:"|09|rexafajay|06|axfree|03|com"; nocase; ) # samoniklo.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002465; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=samoniklo.pw; priority:1; content:"|09|samoniklo|02|pw"; nocase; ) # shell-fisheries.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002466; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=shell-fisheries.com; priority:1; content:"|0f|shell-fisheries|03|com"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # slot.sub-zero.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002467; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=slot.sub-zero.it; priority:1; content:"|04|slot|08|sub-zero|02|it"; nocase; ) # smartfoodsglutenfree.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002468; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=smartfoodsglutenfree.kz; priority:1; content:"|14|smartfoodsglutenfree|02|kz"; nocase; ) # storroliko.club [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002469; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=storroliko.club; priority:1; content:"|0a|storroliko|04|club"; nocase; ) # sv1.eyeonmusica.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002470; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sv1.eyeonmusica.it; priority:1; content:"|03|sv1|0b|eyeonmusica|02|it"; nocase; ) # tanthanhdanh.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002471; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tanthanhdanh.vn; priority:1; content:"|0c|tanthanhdanh|02|vn"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # techemeka.work [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002472; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=techemeka.work; priority:1; content:"|09|techemeka|04|work"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # toneexcelgreat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002473; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=toneexcelgreat.com; priority:1; content:"|0e|toneexcelgreat|03|com"; nocase; ) # turkeyhotelnoslafas.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002474; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=turkeyhotelnoslafas.su; priority:1; content:"|13|turkeyhotelnoslafas|02|su"; nocase; ) # u8781a21.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002475; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=u8781a21.pw; priority:1; content:"|08|u8781a21|02|pw"; nocase; ) # vegantravelshow.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002476; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=vegantravelshow.com; priority:1; content:"|0f|vegantravelshow|03|com"; nocase; ) # villaggiodiitaici.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002477; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=villaggiodiitaici.com.br; priority:1; content:"|11|villaggiodiitaici|03|com|02|br"; nocase; ) # vuanongsan.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002478; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=vuanongsan.vn; priority:1; content:"|0a|vuanongsan|02|vn"; nocase; ) # www.ipm.upel.edu.ve [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002479; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.ipm.upel.edu.ve; priority:1; content:"|03|www|03|ipm|04|upel|03|edu|02|ve"; nocase; ) # www.jung201.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002480; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.jung201.tk; priority:1; content:"|03|www|07|jung201|02|tk"; nocase; ) # www.mauritaniecoeur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002481; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.mauritaniecoeur.org; priority:1; content:"|03|www|0f|mauritaniecoeur|03|org"; nocase; ) # www.me404.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002482; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.me404.net; priority:1; content:"|03|www|05|me404|03|net"; nocase; ) # www.teleeye.com.ph [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002483; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.teleeye.com.ph; priority:1; content:"|03|www|07|teleeye|03|com|02|ph"; nocase; ) # 039b1ee.netsolhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002484; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=039b1ee.netsolhost.com; priority:1; content:"|07|039b1ee|0a|netsolhost|03|com"; nocase; ) # 03bbec4.netsolhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002485; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=03bbec4.netsolhost.com; priority:1; content:"|07|03bbec4|0a|netsolhost|03|com"; nocase; ) # 0x.x.gg [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002486; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=0x.x.gg; priority:1; content:"|02|0x|01|x|02|gg"; nocase; ) # 54g35546-5g6hbggffhb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002487; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=54g35546-5g6hbggffhb.tk; priority:1; content:"|14|54g35546-5g6hbggffhb|02|tk"; nocase; ) # ashoesheestono.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002488; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ashoesheestono.eu; priority:1; content:"|0e|ashoesheestono|02|eu"; nocase; ) # b.1s2.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002489; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=b.1s2.in.ua; priority:1; content:"|01|b|03|1s2|02|in|02|ua"; nocase; ) # barselkab.bps.go.id [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002490; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=barselkab.bps.go.id; priority:1; content:"|09|barselkab|03|bps|02|go|02|id"; nocase; ) # bellinghambar.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002491; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bellinghambar.tk; priority:1; content:"|0d|bellinghambar|02|tk"; nocase; ) # bolerakopsoa.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002492; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bolerakopsoa.pw; priority:1; content:"|0c|bolerakopsoa|02|pw"; nocase; ) # bppkbsulsel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002493; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bppkbsulsel.com; priority:1; content:"|0b|bppkbsulsel|03|com"; nocase; ) # cakessolovely.ca [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002494; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cakessolovely.ca; priority:1; content:"|0d|cakessolovely|02|ca"; nocase; ) # circleread-view.com.mocha2003.mochahost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002495; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=circleread-view.com.mocha2003.mochahost.com; priority:1; content:"|0f|circleread-view|03|com|09|mocha2003|09|mochahost|03|com"; nocase; ) # cryptmyexe.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002496; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cryptmyexe.pw; priority:1; content:"|0a|cryptmyexe|02|pw"; nocase; ) # dau43vt5wtrd.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002497; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dau43vt5wtrd.tk; priority:1; content:"|0c|dau43vt5wtrd|02|tk"; nocase; ) # diagnosticdubai.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002498; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=diagnosticdubai.com; priority:1; content:"|0f|diagnosticdubai|03|com"; nocase; ) # domifondery3d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002499; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=domifondery3d.com; priority:1; content:"|0d|domifondery3d|03|com"; nocase; ) # doratopelase.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002500; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=doratopelase.pw; priority:1; content:"|0c|doratopelase|02|pw"; nocase; ) # felanco.heliohost.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002501; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=felanco.heliohost.org; priority:1; content:"|07|felanco|09|heliohost|03|org"; nocase; ) # foxmanwer.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002502; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=foxmanwer.pw; priority:1; content:"|09|foxmanwer|02|pw"; nocase; ) # go.everli-killz.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002503; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=go.everli-killz.xyz; priority:1; content:"|02|go|0c|everli-killz|03|xyz"; nocase; ) # hillalala.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002504; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=hillalala.com; priority:1; content:"|09|hillalala|03|com"; nocase; ) # iddc.co.id [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002505; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=iddc.co.id; priority:1; content:"|04|iddc|02|co|02|id"; nocase; ) # joyclasses.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002506; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=joyclasses.eu; priority:1; content:"|0a|joyclasses|02|eu"; nocase; ) # junllian.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002507; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=junllian.net; priority:1; content:"|08|junllian|03|net"; nocase; ) # land-create.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002508; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=land-create.com; priority:1; content:"|0b|land-create|03|com"; nocase; ) # lebedev30.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002509; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=lebedev30.ru; priority:1; content:"|09|lebedev30|02|ru"; nocase; ) # leo94dhgfyw-df87fb.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002510; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=leo94dhgfyw-df87fb.tk; priority:1; content:"|12|leo94dhgfyw-df87fb|02|tk"; nocase; ) # micheal766.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002511; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=micheal766.info; priority:1; content:"|0a|micheal766|04|info"; nocase; ) # movieofgoodies.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002512; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=movieofgoodies.kz; priority:1; content:"|0e|movieofgoodies|02|kz"; nocase; ) # mycraft.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002513; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mycraft.com.br; priority:1; content:"|07|mycraft|03|com|02|br"; nocase; ) # mygoodness.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002514; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mygoodness.in.ua; priority:1; content:"|0a|mygoodness|02|in|02|ua"; nocase; ) # nasscomminc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002515; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=nasscomminc.tk; priority:1; content:"|0b|nasscomminc|02|tk"; nocase; ) # natlalirans.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002516; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=natlalirans.hotmail.ru; priority:1; content:"|0b|natlalirans|07|hotmail|02|ru"; nocase; ) # newversionpdun.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002517; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=newversionpdun.in.net; priority:1; content:"|0e|newversionpdun|02|in|03|net"; nocase; ) # ozowarac.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002518; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ozowarac.com; priority:1; content:"|08|ozowarac|03|com"; nocase; ) # platinum-casino.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002519; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=platinum-casino.ru; priority:1; content:"|0f|platinum-casino|02|ru"; nocase; ) # prosmile.net.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002520; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=prosmile.net.au; priority:1; content:"|08|prosmile|03|net|02|au"; nocase; ) # prtscrinsertcn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002521; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=prtscrinsertcn.net; priority:1; content:"|0e|prtscrinsertcn|03|net"; nocase; ) # rarabarnfi.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002522; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rarabarnfi.hotmail.ru; priority:1; content:"|0a|rarabarnfi|07|hotmail|02|ru"; nocase; ) # securetalk.cwsurf.de [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002523; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=securetalk.cwsurf.de; priority:1; content:"|0a|securetalk|06|cwsurf|02|de"; nocase; ) # shadowraze.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002524; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=shadowraze.pw; priority:1; content:"|0a|shadowraze|02|pw"; nocase; ) # spacco-inc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002525; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=spacco-inc.com; priority:1; content:"|0a|spacco-inc|03|com"; nocase; ) # sparrow-cap-manufacturer.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002526; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sparrow-cap-manufacturer.com; priority:1; content:"|18|sparrow-cap-manufacturer|03|com"; nocase; ) # speroni.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002527; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=speroni.pw; priority:1; content:"|07|speroni|02|pw"; nocase; ) # sro.giuseppemarotta.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002528; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sro.giuseppemarotta.com; priority:1; content:"|03|sro|0f|giuseppemarotta|03|com"; nocase; ) # stats.lead.mysitehosted.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002529; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=stats.lead.mysitehosted.com; priority:1; content:"|05|stats|04|lead|0c|mysitehosted|03|com"; nocase; ) # sus.nieuwmoer.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002530; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sus.nieuwmoer.info; priority:1; content:"|03|sus|09|nieuwmoer|04|info"; nocase; ) # tech-dan.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002531; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tech-dan.xyz; priority:1; content:"|08|tech-dan|03|xyz"; nocase; ) # techmag.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002532; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=techmag.space; priority:1; content:"|07|techmag|05|space"; nocase; ) # techmaha.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002533; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=techmaha.pw; priority:1; content:"|08|techmaha|02|pw"; nocase; ) # teeth.co.jp [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002534; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=teeth.co.jp; priority:1; content:"|05|teeth|02|co|02|jp"; nocase; ) # traveller.to [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002535; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=traveller.to; priority:1; content:"|09|traveller|02|to"; nocase; ) # ukabenerji.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002536; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ukabenerji.com; priority:1; content:"|0a|ukabenerji|03|com"; nocase; ) # waserazer.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002537; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=waserazer.pw; priority:1; content:"|09|waserazer|02|pw"; nocase; ) # wayufilm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002538; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=wayufilm.com; priority:1; content:"|08|wayufilm|03|com"; nocase; ) # webpowerstudio.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002539; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=webpowerstudio.com; priority:1; content:"|0e|webpowerstudio|03|com"; nocase; ) # www.02level.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002540; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.02level.tk; priority:1; content:"|03|www|07|02level|02|tk"; nocase; ) # www.antibasic.ga [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002541; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.antibasic.ga; priority:1; content:"|03|www|09|antibasic|02|ga"; nocase; ) # www.egypt-dream.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002542; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.egypt-dream.net; priority:1; content:"|03|www|0b|egypt-dream|03|net"; nocase; ) # www.mikewine.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002543; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.mikewine.tk; priority:1; content:"|03|www|08|mikewine|02|tk"; nocase; ) # www.ohimmades.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002544; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.ohimmades.pw; priority:1; content:"|03|www|09|ohimmades|02|pw"; nocase; ) # www.sofishome.com.mx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002545; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.sofishome.com.mx; priority:1; content:"|03|www|09|sofishome|03|com|02|mx"; nocase; ) # www.vhvn.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002546; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.vhvn.vn; priority:1; content:"|03|www|04|vhvn|02|vn"; nocase; ) ### sorry. not sure what to do with address: so i'm skipping this one. # akdenizklima.com.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002547; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=akdenizklima.com.tr; priority:1; content:"|0c|akdenizklima|03|com|02|tr"; nocase; ) # alexiscorp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002548; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=alexiscorp.com; priority:1; content:"|0a|alexiscorp|03|com"; nocase; ) # analiticwebexperience.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002549; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=analiticwebexperience.com; priority:1; content:"|15|analiticwebexperience|03|com"; nocase; ) # aquaremedialworks.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002550; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=aquaremedialworks.com.au; priority:1; content:"|11|aquaremedialworks|03|com|02|au"; nocase; ) # baliwag.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002551; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=baliwag.xyz; priority:1; content:"|07|baliwag|03|xyz"; nocase; ) # bibrath.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002552; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bibrath.eu; priority:1; content:"|07|bibrath|02|eu"; nocase; ) # bitcointalks.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002553; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bitcointalks.info; priority:1; content:"|0c|bitcointalks|04|info"; nocase; ) # bots.configbinbots.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002554; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bots.configbinbots.info; priority:1; content:"|04|bots|0d|configbinbots|04|info"; nocase; ) # branchtist.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002555; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=branchtist.com; priority:1; content:"|0a|branchtist|03|com"; nocase; ) # bytes.darktech.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002556; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bytes.darktech.org; priority:1; content:"|05|bytes|08|darktech|03|org"; nocase; ) # canadianonlineagreementservices.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002557; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=canadianonlineagreementservices.kz; priority:1; content:"|1f|canadianonlineagreementservices|02|kz"; nocase; ) # chat.altacom.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002558; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=chat.altacom.it; priority:1; content:"|04|chat|07|altacom|02|it"; nocase; ) # classicalbitu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002559; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=classicalbitu.com; priority:1; content:"|0d|classicalbitu|03|com"; nocase; ) # cosmosdady.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002560; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cosmosdady.su; priority:1; content:"|0a|cosmosdady|02|su"; nocase; ) # cy-m0ld.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002561; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cy-m0ld.com; priority:1; content:"|07|cy-m0ld|03|com"; nocase; ) # cynthialemos1225.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002562; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cynthialemos1225.ddns.net; priority:1; content:"|10|cynthialemos1225|04|ddns|03|net"; nocase; ) # depolakoeasre.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002563; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=depolakoeasre.pw; priority:1; content:"|0d|depolakoeasre|02|pw"; nocase; ) # diabetespal.ps [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002564; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=diabetespal.ps; priority:1; content:"|0b|diabetespal|02|ps"; nocase; ) # dino1.ddf.al [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002565; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dino1.ddf.al; priority:1; content:"|05|dino1|03|ddf|02|al"; nocase; ) # domnicpeter.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002566; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=domnicpeter.in.net; priority:1; content:"|0b|domnicpeter|02|in|03|net"; nocase; ) # elta-th.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002567; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=elta-th.com; priority:1; content:"|07|elta-th|03|com"; nocase; ) # enginbilgidenizi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002568; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=enginbilgidenizi.com; priority:1; content:"|10|enginbilgidenizi|03|com"; nocase; ) # extremesports.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002569; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=extremesports.kz; priority:1; content:"|0d|extremesports|02|kz"; nocase; ) # ganhedwakar.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002570; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ganhedwakar.tk; priority:1; content:"|0b|ganhedwakar|02|tk"; nocase; ) # googlepetkavanis4.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002571; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=googlepetkavanis4.pw; priority:1; content:"|11|googlepetkavanis4|02|pw"; nocase; ) # gpdi-lippocikarang.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002572; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=gpdi-lippocikarang.com; priority:1; content:"|12|gpdi-lippocikarang|03|com"; nocase; ) # grupocava-mx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002573; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=grupocava-mx.com; priority:1; content:"|0c|grupocava-mx|03|com"; nocase; ) # homedeco.com.bo [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002574; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=homedeco.com.bo; priority:1; content:"|08|homedeco|03|com|02|bo"; nocase; ) # honestme.com.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002575; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=honestme.com.ua; priority:1; content:"|08|honestme|03|com|02|ua"; nocase; ) # host1.swenabler.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002576; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=host1.swenabler.com; priority:1; content:"|05|host1|09|swenabler|03|com"; nocase; ) # hotelavalon.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002577; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=hotelavalon.org; priority:1; content:"|0b|hotelavalon|03|org"; nocase; ) # hyperbolic.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002578; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=hyperbolic.tk; priority:1; content:"|0a|hyperbolic|02|tk"; nocase; ) # ingenicopads.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002579; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ingenicopads.kz; priority:1; content:"|0c|ingenicopads|02|kz"; nocase; ) # japanparts.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002580; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=japanparts.pw; priority:1; content:"|0a|japanparts|02|pw"; nocase; ) # jomo.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002581; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=jomo.in.ua; priority:1; content:"|04|jomo|02|in|02|ua"; nocase; ) # khoangiengthutiep.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002582; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=khoangiengthutiep.com; priority:1; content:"|11|khoangiengthutiep|03|com"; nocase; ) # kw34h-lithi-owo.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002583; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kw34h-lithi-owo.tk; priority:1; content:"|0f|kw34h-lithi-owo|02|tk"; nocase; ) # mailslots.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002584; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mailslots.top; priority:1; content:"|09|mailslots|03|top"; nocase; ) # mm266.bplaced.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002585; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mm266.bplaced.com; priority:1; content:"|05|mm266|07|bplaced|03|com"; nocase; ) # naijabids.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002586; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=naijabids.co.uk; priority:1; content:"|09|naijabids|02|co|02|uk"; nocase; ) # nonstopeddanceraz.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002587; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=nonstopeddanceraz.su; priority:1; content:"|11|nonstopeddanceraz|02|su"; nocase; ) # ns511849.ip-192-99-19.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002588; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ns511849.ip-192-99-19.net; priority:1; content:"|08|ns511849|0c|ip-192-99-19|03|net"; nocase; ) # programtotalatoma.esy.es [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002589; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=programtotalatoma.esy.es; priority:1; content:"|11|programtotalatoma|03|esy|02|es"; nocase; ) # pureescents.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002590; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=pureescents.com.au; priority:1; content:"|0b|pureescents|03|com|02|au"; nocase; ) # regsways.top [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002591; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=regsways.top; priority:1; content:"|08|regsways|03|top"; nocase; ) # rfvn.vn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002592; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rfvn.vn; priority:1; content:"|04|rfvn|02|vn"; nocase; ) # rhwndkf45.codns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002593; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rhwndkf45.codns.com; priority:1; content:"|09|rhwndkf45|05|codns|03|com"; nocase; ) # ricasad.sx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002594; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ricasad.sx; priority:1; content:"|07|ricasad|02|sx"; nocase; ) # s1.eyeonmusica.it [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002595; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=s1.eyeonmusica.it; priority:1; content:"|02|s1|0b|eyeonmusica|02|it"; nocase; ) # sandokan66.no-ip.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002596; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sandokan66.no-ip.info; priority:1; content:"|0a|sandokan66|05|no-ip|04|info"; nocase; ) # secure.lynxbowlingservices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002597; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=secure.lynxbowlingservices.com; priority:1; content:"|06|secure|13|lynxbowlingservices|03|com"; nocase; ) # securetestingnetwotk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002598; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=securetestingnetwotk.com; priority:1; content:"|14|securetestingnetwotk|03|com"; nocase; ) # seqwcs.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002599; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=seqwcs.com.au; priority:1; content:"|06|seqwcs|03|com|02|au"; nocase; ) # shaktitextileengr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002600; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=shaktitextileengr.com; priority:1; content:"|11|shaktitextileengr|03|com"; nocase; ) # spartanr.5gbfree.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002601; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=spartanr.5gbfree.com; priority:1; content:"|08|spartanr|07|5gbfree|03|com"; nocase; ) # systemscfg.olympe.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002602; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=systemscfg.olympe.in; priority:1; content:"|0a|systemscfg|06|olympe|02|in"; nocase; ) # tekadrian.pro [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002603; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekadrian.pro; priority:1; content:"|09|tekadrian|03|pro"; nocase; ) # tekadrian.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002604; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekadrian.xyz; priority:1; content:"|09|tekadrian|03|xyz"; nocase; ) # telefonfiyatlari.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002605; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=telefonfiyatlari.org; priority:1; content:"|10|telefonfiyatlari|03|org"; nocase; ) # tesab.org.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002606; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tesab.org.uk; priority:1; content:"|05|tesab|03|org|02|uk"; nocase; ) # updateacces.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002607; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=updateacces.org; priority:1; content:"|0b|updateacces|03|org"; nocase; ) # uptight.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002608; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=uptight.su; priority:1; content:"|07|uptight|02|su"; nocase; ) # valdmir.noriysha.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002609; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=valdmir.noriysha.ru; priority:1; content:"|07|valdmir|08|noriysha|02|ru"; nocase; ) # valntooglesakrundigk.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002610; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=valntooglesakrundigk.pw; priority:1; content:"|14|valntooglesakrundigk|02|pw"; nocase; ) # vankapetkavanis4.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002611; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=vankapetkavanis4.pw; priority:1; content:"|10|vankapetkavanis4|02|pw"; nocase; ) # wasabi.mine.nu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002612; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=wasabi.mine.nu; priority:1; content:"|06|wasabi|04|mine|02|nu"; nocase; ) # web-tv-production.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002613; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=web-tv-production.fr; priority:1; content:"|11|web-tv-production|02|fr"; nocase; ) # www.angelyard.com.hk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002614; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.angelyard.com.hk; priority:1; content:"|03|www|09|angelyard|03|com|02|hk"; nocase; ) # www.basecinco.com.ar [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002615; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.basecinco.com.ar; priority:1; content:"|03|www|09|basecinco|03|com|02|ar"; nocase; ) # www.changeexchange2.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002616; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.changeexchange2.ru; priority:1; content:"|03|www|0f|changeexchange2|02|ru"; nocase; ) # www.cpro.moscow [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002617; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.cpro.moscow; priority:1; content:"|03|www|04|cpro|06|moscow"; nocase; ) # www.creativequilts.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002618; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.creativequilts.net; priority:1; content:"|03|www|0e|creativequilts|03|net"; nocase; ) # www.demexsoft.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002619; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.demexsoft.com; priority:1; content:"|03|www|09|demexsoft|03|com"; nocase; ) # www.dphcustompins.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002620; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.dphcustompins.com; priority:1; content:"|03|www|0d|dphcustompins|03|com"; nocase; ) # www.impm.upel.edu.ve [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002621; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.impm.upel.edu.ve; priority:1; content:"|03|www|04|impm|04|upel|03|edu|02|ve"; nocase; ) # www.kasaraomoveis.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002622; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.kasaraomoveis.com.br; priority:1; content:"|03|www|0d|kasaraomoveis|03|com|02|br"; nocase; ) # www.orquestanacaona.cult.cu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002623; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.orquestanacaona.cult.cu; priority:1; content:"|03|www|0f|orquestanacaona|04|cult|02|cu"; nocase; ) # www.tekyalhaja.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002624; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.tekyalhaja.xyz; priority:1; content:"|03|www|0a|tekyalhaja|03|xyz"; nocase; ) # www.webos.in [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002625; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.webos.in; priority:1; content:"|03|www|05|webos|02|in"; nocase; ) # xclones.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002626; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=xclones.in.net; priority:1; content:"|07|xclones|02|in|03|net"; nocase; ) # yahoo-action.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002627; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=yahoo-action.com; priority:1; content:"|0c|yahoo-action|03|com"; nocase; ) # zs.technogatti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002628; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=zs.technogatti.com; priority:1; content:"|02|zs|0b|technogatti|03|com"; nocase; ) # 03a6b7a.netsolhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002629; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=03a6b7a.netsolhost.com; priority:1; content:"|07|03a6b7a|0a|netsolhost|03|com"; nocase; ) # actdhaka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002630; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=actdhaka.com; priority:1; content:"|08|actdhaka|03|com"; nocase; ) # aljazeera.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002631; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=aljazeera.kz; priority:1; content:"|09|aljazeera|02|kz"; nocase; ) # apple-trusted.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002632; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=apple-trusted.com; priority:1; content:"|0d|apple-trusted|03|com"; nocase; ) # beatyhousesupporte.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002633; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=beatyhousesupporte.su; priority:1; content:"|12|beatyhousesupporte|02|su"; nocase; ) # bitters.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002634; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bitters.su; priority:1; content:"|07|bitters|02|su"; nocase; ) # bl1nqz8yrf7tgdsq.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002635; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bl1nqz8yrf7tgdsq.tk; priority:1; content:"|10|bl1nqz8yrf7tgdsq|02|tk"; nocase; ) # bocaautocenters.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002636; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bocaautocenters.com; priority:1; content:"|0f|bocaautocenters|03|com"; nocase; ) # bqtest2.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002637; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=bqtest2.ru; priority:1; content:"|07|bqtest2|02|ru"; nocase; ) # brothersmt2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002638; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=brothersmt2.tk; priority:1; content:"|0b|brothersmt2|02|tk"; nocase; ) # burgerspendingbusiness.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002639; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=burgerspendingbusiness.kz; priority:1; content:"|16|burgerspendingbusiness|02|kz"; nocase; ) # chhathpuja.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002640; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=chhathpuja.com; priority:1; content:"|0a|chhathpuja|03|com"; nocase; ) # codebacktowork2.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002641; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=codebacktowork2.tk; priority:1; content:"|0f|codebacktowork2|02|tk"; nocase; ) # corefwdgroup.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002642; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=corefwdgroup.tk; priority:1; content:"|0c|corefwdgroup|02|tk"; nocase; ) # cp53091.cloudhosting.lv [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002643; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cp53091.cloudhosting.lv; priority:1; content:"|07|cp53091|0c|cloudhosting|02|lv"; nocase; ) # cscomnsinc.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002644; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cscomnsinc.tk; priority:1; content:"|0a|cscomnsinc|02|tk"; nocase; ) # cupomkinghost.com.br [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002645; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cupomkinghost.com.br; priority:1; content:"|0d|cupomkinghost|03|com|02|br"; nocase; ) # cybernet.uz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002646; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=cybernet.uz; priority:1; content:"|08|cybernet|02|uz"; nocase; ) # dejavu-now.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002647; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dejavu-now.tk; priority:1; content:"|0a|dejavu-now|02|tk"; nocase; ) # derma-fusion.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002648; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=derma-fusion.com; priority:1; content:"|0c|derma-fusion|03|com"; nocase; ) # dileconme.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002649; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=dileconme.hotmail.ru; priority:1; content:"|09|dileconme|07|hotmail|02|ru"; nocase; ) # emaillifecoaching.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002650; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=emaillifecoaching.com.au; priority:1; content:"|11|emaillifecoaching|03|com|02|au"; nocase; ) # fadzulani.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002651; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=fadzulani.com; priority:1; content:"|09|fadzulani|03|com"; nocase; ) # franka.in.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002652; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=franka.in.net; priority:1; content:"|06|franka|02|in|03|net"; nocase; ) # galataiplik.com.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002653; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=galataiplik.com.tr; priority:1; content:"|0b|galataiplik|03|com|02|tr"; nocase; ) # galaxystarshop.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002654; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=galaxystarshop.com; priority:1; content:"|0e|galaxystarshop|03|com"; nocase; ) # graysstonofices.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002655; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=graysstonofices.com; priority:1; content:"|0f|graysstonofices|03|com"; nocase; ) # guatemalavisible.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002656; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=guatemalavisible.net; priority:1; content:"|10|guatemalavisible|03|net"; nocase; ) # haksuara.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002657; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=haksuara.com; priority:1; content:"|08|haksuara|03|com"; nocase; ) # holydoome.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002658; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=holydoome.co.uk; priority:1; content:"|09|holydoome|02|co|02|uk"; nocase; ) # iltempo.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002659; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=iltempo.com.au; priority:1; content:"|07|iltempo|03|com|02|au"; nocase; ) # joejdbjrmrkklfnmf.usr.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002660; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=joejdbjrmrkklfnmf.usr.me; priority:1; content:"|11|joejdbjrmrkklfnmf|03|usr|02|me"; nocase; ) # kintapa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002661; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kintapa.com; priority:1; content:"|07|kintapa|03|com"; nocase; ) # kudrnwosas.faith [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002662; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=kudrnwosas.faith; priority:1; content:"|0a|kudrnwosas|05|faith"; nocase; ) # lasnetlk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002663; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=lasnetlk.co.uk; priority:1; content:"|08|lasnetlk|02|co|02|uk"; nocase; ) # lavormakina.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002664; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=lavormakina.com; priority:1; content:"|0b|lavormakina|03|com"; nocase; ) # links.heliohost.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002665; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=links.heliohost.org; priority:1; content:"|05|links|09|heliohost|03|org"; nocase; ) # mapsresearch.ca [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002666; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=mapsresearch.ca; priority:1; content:"|0c|mapsresearch|02|ca"; nocase; ) # molowo.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002667; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=molowo.in.ua; priority:1; content:"|06|molowo|02|in|02|ua"; nocase; ) # moviepaidinfullsexy.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002668; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=moviepaidinfullsexy.kz; priority:1; content:"|13|moviepaidinfullsexy|02|kz"; nocase; ) # muazymaur.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002669; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=muazymaur.tk; priority:1; content:"|09|muazymaur|02|tk"; nocase; ) # naaninggeschcho.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002670; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=naaninggeschcho.hotmail.ru; priority:1; content:"|0f|naaninggeschcho|07|hotmail|02|ru"; nocase; ) # nancycemt1225.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002671; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=nancycemt1225.ddns.net; priority:1; content:"|0d|nancycemt1225|04|ddns|03|net"; nocase; ) # neorandom.dothome.co.kr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002672; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=neorandom.dothome.co.kr; priority:1; content:"|09|neorandom|07|dothome|02|co|02|kr"; nocase; ) # pedropedreiromoxik.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002673; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=pedropedreiromoxik.su; priority:1; content:"|12|pedropedreiromoxik|02|su"; nocase; ) # pharirgatic.hotmail.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002674; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=pharirgatic.hotmail.ru; priority:1; content:"|0b|pharirgatic|07|hotmail|02|ru"; nocase; ) # poolkingsthailand.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002675; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=poolkingsthailand.com; priority:1; content:"|11|poolkingsthailand|03|com"; nocase; ) # preapprovedloansoffline.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002676; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=preapprovedloansoffline.kz; priority:1; content:"|17|preapprovedloansoffline|02|kz"; nocase; ) # preapprovedloansonline.kz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002677; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=preapprovedloansonline.kz; priority:1; content:"|16|preapprovedloansonline|02|kz"; nocase; ) # renasup-nord-de-france.fr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002678; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=renasup-nord-de-france.fr; priority:1; content:"|16|renasup-nord-de-france|02|fr"; nocase; ) # robertstolpe.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002679; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=robertstolpe.com; priority:1; content:"|0c|robertstolpe|03|com"; nocase; ) # rsslessons.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002680; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=rsslessons.su; priority:1; content:"|0a|rsslessons|02|su"; nocase; ) # sanyai-love.rmu.ac.th [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002681; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sanyai-love.rmu.ac.th; priority:1; content:"|0b|sanyai-love|03|rmu|02|ac|02|th"; nocase; ) # secufast.bplaced.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002682; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=secufast.bplaced.net; priority:1; content:"|08|secufast|07|bplaced|03|net"; nocase; ) # slivoratikam.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002683; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=slivoratikam.pw; priority:1; content:"|0c|slivoratikam|02|pw"; nocase; ) # solubaba.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002684; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=solubaba.tk; priority:1; content:"|08|solubaba|02|tk"; nocase; ) # sslsam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002685; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=sslsam.com; priority:1; content:"|06|sslsam|03|com"; nocase; ) # suryapolix.club [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002686; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=suryapolix.club; priority:1; content:"|0a|suryapolix|04|club"; nocase; ) # svitor.hostev.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002687; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=svitor.hostev.net; priority:1; content:"|06|svitor|06|hostev|03|net"; nocase; ) # techakym.pw [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002688; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=techakym.pw; priority:1; content:"|08|techakym|02|pw"; nocase; ) # tekcharles.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002689; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekcharles.xyz; priority:1; content:"|0a|tekcharles|03|xyz"; nocase; ) # tekjoe.space [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002690; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tekjoe.space; priority:1; content:"|06|tekjoe|05|space"; nocase; ) # teksoft.pro [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002691; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=teksoft.pro; priority:1; content:"|07|teksoft|03|pro"; nocase; ) # toolsathomes.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002692; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=toolsathomes.com; priority:1; content:"|0c|toolsathomes|03|com"; nocase; ) # tosh.com.au [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002693; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tosh.com.au; priority:1; content:"|04|tosh|03|com|02|au"; nocase; ) # trust-s-b.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002694; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=trust-s-b.com; priority:1; content:"|09|trust-s-b|03|com"; nocase; ) # tt.onmypc.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002695; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=tt.onmypc.org; priority:1; content:"|02|tt|06|onmypc|03|org"; nocase; ) # u0003321.cp.regruhosting.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002696; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=u0003321.cp.regruhosting.ru; priority:1; content:"|08|u0003321|02|cp|0c|regruhosting|02|ru"; nocase; ) # vashadvokat.in.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002697; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=vashadvokat.in.ua; priority:1; content:"|0b|vashadvokat|02|in|02|ua"; nocase; ) # winhelptech.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002698; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=winhelptech.xyz; priority:1; content:"|0b|winhelptech|03|xyz"; nocase; ) # wvin.su [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002699; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=wvin.su; priority:1; content:"|04|wvin|02|su"; nocase; ) # www.chrischapmanhair.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002700; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.chrischapmanhair.co.uk; priority:1; content:"|03|www|10|chrischapmanhair|02|co|02|uk"; nocase; ) # www.dracotec.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002701; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.dracotec.org; priority:1; content:"|03|www|08|dracotec|03|org"; nocase; ) # www.nikey.cn [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002702; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.nikey.cn; priority:1; content:"|03|www|05|nikey|02|cn"; nocase; ) # www.pizzachezmichel.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002703; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.pizzachezmichel.com; priority:1; content:"|03|www|0f|pizzachezmichel|03|com"; nocase; ) # www.rimmugygur.is [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002704; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.rimmugygur.is; priority:1; content:"|03|www|0a|rimmugygur|02|is"; nocase; ) # www.stroiclimat.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002705; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=www.stroiclimat.ru; priority:1; content:"|03|www|0b|stroiclimat|02|ru"; nocase; ) # ya-aaaa123123.myjino.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - zeus,botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002706; reference:urlssl,zeustracker.abuse.ch/monitor.php?search=ya-aaaa123123.myjino.ru; priority:1; content:"|0d|ya-aaaa123123|06|myjino|02|ru"; nocase; ) # chemicalguysmexico.com.mx [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing,rdata"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002707; reference:url,www.spamhaus.org/query/dbl?domain=www.chemicalguysmexico.com.mx; priority:1; content:"|12|chemicalguysmexico|03|com|02|mx"; nocase; ) # vk.me [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002708; reference:url,www.spamhaus.org/query/dbl?domain=vk.me; priority:1; content:"|02|vk|02|me"; nocase; ) # bulkemailseller.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002709; reference:url,www.spamhaus.org/query/dbl?domain=bulkemailseller.com; priority:1; content:"|0f|bulkemailseller|03|com"; nocase; ) # onlinux-it.setupdns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing,rdata"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002710; reference:url,www.spamhaus.org/query/dbl?domain=www.coffeeguru.it; priority:1; content:"|0a|onlinux-it|08|setupdns|03|net"; nocase; ) # cefix.com.tr [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing,rdata"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002711; reference:url,www.spamhaus.org/query/dbl?domain=www.cefix.com.tr; priority:1; content:"|05|cefix|03|com|02|tr"; nocase; ) # comprasonlinemiami.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002712; reference:url,www.spamhaus.org/query/dbl?domain=comprasonlinemiami.com; priority:1; content:"|12|comprasonlinemiami|03|com"; nocase; ) # freedom.ns.tinyurl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002713; reference:url,www.spamhaus.org/query/dbl?domain=freedom.ns.tinyurl.com; priority:1; content:"|07|freedom|02|ns|07|tinyurl|03|com"; nocase; ) # revolution.ns.tinyurl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002714; reference:url,www.spamhaus.org/query/dbl?domain=revolution.ns.tinyurl.com; priority:1; content:"|0a|revolution|02|ns|07|tinyurl|03|com"; nocase; ) # ns2.heaventreewebhost.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002715; reference:url,www.spamhaus.org/query/dbl?domain=ns2.heaventreewebhost.com; priority:1; content:"|03|ns2|11|heaventreewebhost|03|com"; nocase; ) # ssaua.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002716; reference:url,www.spamhaus.org/query/dbl?domain=ssaua.org; priority:1; content:"|05|ssaua|03|org"; nocase; ) # investment-cloud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002717; reference:url,osint.bambenekconsulting.com/manual/matsnu.txt; priority:1; content:"|10|investment-cloud|03|com"; nocase; ) # pckffwcqdebn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002718; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|pckffwcqdebn|03|com"; nocase; ) # piwxvumpyptp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002719; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|piwxvumpyptp|03|com"; nocase; ) # qubrrfmnwtqf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002720; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|qubrrfmnwtqf|03|com"; nocase; ) # receptionassist.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002721; reference:url,osint.bambenekconsulting.com/manual/matsnu.txt; priority:1; content:"|0f|receptionassist|03|com"; nocase; ) # www.tuedo.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002722; reference:url,www.spamhaus.org/query/dbl?domain=www.tuedo.co.uk; priority:1; content:"|03|www|05|tuedo|02|co|02|uk"; nocase; ) # lyset.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002723; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyset|02|eu"; nocase; ) # acosas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002724; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|acosas|03|com"; nocase; ) # sharpcluster.lidhostingservice.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - phishing"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002725; reference:url,www.spamhaus.org/query/dbl?domain=sharpcluster.lidhostingservice.net; priority:1; content:"|0c|sharpcluster|11|lidhostingservice|03|net"; nocase; ) # fallgift.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002726; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|fallgift|03|net"; nocase; ) # foreignobject.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002727; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|foreignobject|03|net"; nocase; ) # machinestation.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002728; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0e|machinestation|03|net"; nocase; ) # takeover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002729; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|takeover|03|net"; nocase; ) # toreserve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002730; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|toreserve|03|net"; nocase; ) # yourhouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002731; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|yourhouse|03|net"; nocase; ) # englishspace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002732; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|englishspace|03|net"; nocase; ) # familytravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002733; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|familytravel|03|net"; nocase; ) # lrstnpeace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002734; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|lrstnpeace|03|net"; nocase; ) # righttravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002735; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|righttravel|03|net"; nocase; ) # takehome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002736; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|takehome|03|net"; nocase; ) # weeklive.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002737; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|weeklive|03|net"; nocase; ) # yourgold.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002738; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|yourgold|03|net"; nocase; ) # childrenspace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002739; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|childrenspace|03|net"; nocase; ) # learnover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002740; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|learnover|03|net"; nocase; ) # learnserve.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002741; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|learnserve|03|net"; nocase; ) # picturestation.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002742; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0e|picturestation|03|net"; nocase; ) # yourhome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002743; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|yourhome|03|net"; nocase; ) # yourpeace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002744; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|yourpeace|03|net"; nocase; ) # foreigntravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002745; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|foreigntravel|03|net"; nocase; ) # personchildhood.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002746; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0f|personchildhood|03|net"; nocase; ) # planthome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002747; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|planthome|03|net"; nocase; ) # planthouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002748; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|planthouse|03|net"; nocase; ) # rightspace.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002749; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|rightspace|03|net"; nocase; ) # toreover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002750; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|toreover|03|net"; nocase; ) # verygold.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002751; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|verygold|03|net"; nocase; ) # viewhome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002752; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|viewhome|03|net"; nocase; ) # viewhouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002753; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|viewhouse|03|net"; nocase; ) # yourgift.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002754; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|yourgift|03|net"; nocase; ) # k0sda8gh1bu0un5.ddns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002755; reference:url,osint.bambenekconsulting.com/manual/corebot.txt; priority:1; content:"|0f|k0sda8gh1bu0un5|04|ddns|03|net"; nocase; ) # figuretravel.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002756; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|figuretravel|03|net"; nocase; ) # muchhouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002757; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|muchhouse|03|net"; nocase; ) # takehouse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002758; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|takehouse|03|net"; nocase; ) # tinyurl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002759; reference:url,www.spamhaus.org/query/dbl?domain=tinyurl.com; priority:1; content:"|07|tinyurl|03|com"; nocase; ) # kunfpuqcsyd.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002760; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0b|kunfpuqcsyd|02|ru"; nocase; ) # ohplsuljopekq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002761; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0d|ohplsuljopekq|03|biz"; nocase; ) # pbkdlfhspepj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002762; reference:url,www.spamhaus.org/query/dbl?domain=pbkdlfhspepj.com; priority:1; content:"|0c|pbkdlfhspepj|03|com"; nocase; ) # ns2.bwreg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002763; reference:url,www.spamhaus.org/query/dbl?domain=ns2.bwreg.com; priority:1; content:"|03|ns2|05|bwreg|03|com"; nocase; ) # gwfxxliquuhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002764; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|gwfxxliquuhf|03|com"; nocase; ) # purel.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002765; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|purel|02|eu"; nocase; ) # lyrex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002766; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyrex|02|eu"; nocase; ) # lyran.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002767; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyran|02|eu"; nocase; ) # rninnvvfsbok.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002768; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|rninnvvfsbok|03|biz"; nocase; ) # dckdcpmdnnoo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002769; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dckdcpmdnnoo|03|com"; nocase; ) # jiilkunuxyxx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002770; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|jiilkunuxyxx|03|com"; nocase; ) # lykil.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002771; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lykil|02|eu"; nocase; ) # mabus.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002772; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mabus|02|eu"; nocase; ) # lygysij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002773; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|lygysij|03|com"; nocase; ) # deepearth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002774; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|deepearth|03|net"; nocase; ) # gfellcoxdeyt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002775; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|gfellcoxdeyt|03|com"; nocase; ) # nvfitloxipni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002776; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nvfitloxipni|03|biz"; nocase; ) # hcufggldtxgm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002777; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|hcufggldtxgm|03|biz"; nocase; ) # hncnnipijmlg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002778; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|hncnnipijmlg|03|org"; nocase; ) # jixxuvuexcmv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002779; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|jixxuvuexcmv|03|com"; nocase; ) # nrotuvokihgl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002780; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nrotuvokihgl|03|biz"; nocase; ) # dctltffbvswt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002781; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dctltffbvswt|03|com"; nocase; ) # dqfuxkhijorq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002782; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dqfuxkhijorq|03|com"; nocase; ) # dufeloolteuv.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002783; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dufeloolteuv|03|biz"; nocase; ) # jisrupdykdeb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002784; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|jisrupdykdeb|03|com"; nocase; ) # mdqjmwvqtsjk.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002785; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|mdqjmwvqtsjk|03|biz"; nocase; ) # ufvifsopgbbm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002786; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ufvifsopgbbm|03|com"; nocase; ) # wghkbbreemmn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002787; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|wghkbbreemmn|03|com"; nocase; ) # communication.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002788; reference:url,osint.bambenekconsulting.com/manual/matsnu.txt; priority:1; content:"|0d|communication|03|com"; nocase; ) # epxwwgbqwliy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002789; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|epxwwgbqwliy|03|com"; nocase; ) # kviynoppvwwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002790; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|kviynoppvwwc|03|com"; nocase; ) # lkonelxuvmlk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002791; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|lkonelxuvmlk|03|com"; nocase; ) # ovrqxskrtglh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002792; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ovrqxskrtglh|03|com"; nocase; ) # bbrutcnbglij.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002793; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|bbrutcnbglij|03|com"; nocase; ) # dwhxopmcgpix.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002794; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|dwhxopmcgpix|03|com"; nocase; ) # vstgbqpqtsnm.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002795; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|vstgbqpqtsnm|03|com"; nocase; ) # vwpuvcbedcjd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002796; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|vwpuvcbedcjd|03|biz"; nocase; ) # ddvfmhsjirfs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002797; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ddvfmhsjirfs|03|com"; nocase; ) # enutltmpiixg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002798; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|enutltmpiixg|03|com"; nocase; ) # jyxqfghympqu.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002799; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|jyxqfghympqu|03|biz"; nocase; ) # lhcnxovuhhcc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002800; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|lhcnxovuhhcc|03|biz"; nocase; ) # lllplpphbcpq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002801; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|lllplpphbcpq|03|com"; nocase; ) # lxtssopmjtfj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002802; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|lxtssopmjtfj|03|biz"; nocase; ) # mlotpqnlkfpb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002803; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|mlotpqnlkfpb|03|com"; nocase; ) # nlwwssqnenwo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002804; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nlwwssqnenwo|03|biz"; nocase; ) # nnnohofnmngs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002805; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nnnohofnmngs|03|com"; nocase; ) # nshbmqihoqdn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002806; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|nshbmqihoqdn|03|net"; nocase; ) # veswvrkdsboo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002807; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|veswvrkdsboo|03|com"; nocase; ) # wirflltwfnee.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002808; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|wirflltwfnee|02|ru"; nocase; ) # wnnhwvdxxhop.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002809; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|wnnhwvdxxhop|03|biz"; nocase; ) # wpovemncrgcy.xyz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002810; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|wpovemncrgcy|03|xyz"; nocase; ) # ynidxudlckkr.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002811; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ynidxudlckkr|03|com"; nocase; ) # investment-ready.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002812; reference:url,osint.bambenekconsulting.com/manual/matsnu.txt; priority:1; content:"|10|investment-ready|03|com"; nocase; ) # cbggtmpgovbj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002813; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|cbggtmpgovbj|03|com"; nocase; ) # ddwkclunmeeq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002814; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|ddwkclunmeeq|03|com"; nocase; ) # effcjjkeeekp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002815; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|effcjjkeeekp|03|com"; nocase; ) # mlidkpydnwcx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002816; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|mlidkpydnwcx|03|com"; nocase; ) # segpdhcssteq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002817; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|segpdhcssteq|03|com"; nocase; ) # yqdtemmxurjn.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002818; reference:url,osint.bambenekconsulting.com/manual/tinba.txt; priority:1; content:"|0c|yqdtemmxurjn|03|com"; nocase; ) # pgahbyurf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002819; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|09|pgahbyurf|03|com"; nocase; ) # anxsmqyfy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002820; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|09|anxsmqyfy|03|com"; nocase; ) # fidjlfphserhycexjhf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002821; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|13|fidjlfphserhycexjhf|03|com"; nocase; ) # ubgjsqkad.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002822; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|09|ubgjsqkad|03|com"; nocase; ) # lkmlcore.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002823; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|lkmlcore|03|com"; nocase; ) # oaifpapl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002824; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|oaifpapl|03|com"; nocase; ) # flkheyxtcedehipox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002825; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|11|flkheyxtcedehipox|03|com"; nocase; ) # havonolwc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002826; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|09|havonolwc|03|com"; nocase; ) # lbdlmcmfuinc.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002827; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|0c|lbdlmcmfuinc|03|com"; nocase; ) # cxatodxefolgkokdqy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002828; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|12|cxatodxefolgkokdqy|03|com"; nocase; ) # mtankfqv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002829; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|mtankfqv|03|com"; nocase; ) # nkootxbt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002830; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|nkootxbt|03|com"; nocase; ) # vupkimcu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002831; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|08|vupkimcu|03|com"; nocase; ) # wcqqjiixqutt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002832; reference:url,osint.bambenekconsulting.com/manual/ramnit.txt; priority:1; content:"|0c|wcqqjiixqutt|03|com"; nocase; ) # bovet.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002833; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|bovet|02|eu"; nocase; ) # cityhut.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002834; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|cityhut|03|com"; nocase; ) # foden.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002835; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|foden|02|eu"; nocase; ) # foqus.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002836; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|foqus|02|eu"; nocase; ) # foton.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002837; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|foton|02|eu"; nocase; ) # gadap.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002838; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gadap|02|eu"; nocase; ) # galif.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002839; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galif|02|eu"; nocase; ) # galik.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002840; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galik|02|eu"; nocase; ) # galip.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002841; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galip|02|eu"; nocase; ) # galor.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002842; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galor|02|eu"; nocase; ) # gatic.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002843; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gatic|02|eu"; nocase; ) # makom.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002844; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makom|02|eu"; nocase; ) # marusic.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002845; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|marusic|04|info"; nocase; ) # masol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002846; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|masol|02|eu"; nocase; ) # namax.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002847; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|namax|02|eu"; nocase; ) # purol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002848; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|purol|02|eu"; nocase; ) # simagas.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002849; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|simagas|03|com"; nocase; ) # simob.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002850; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|simob|02|eu"; nocase; ) # siseb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002851; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|siseb|02|eu"; nocase; ) # volez.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002852; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|volez|02|eu"; nocase; ) # vonak.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002853; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vonak|02|eu"; nocase; ) # vowypim.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002854; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|vowypim|03|com"; nocase; ) # boweb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002855; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|boweb|02|eu"; nocase; ) # cidef.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002856; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cidef|02|eu"; nocase; ) # cinop.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002857; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cinop|02|eu"; nocase; ) # dimelaw.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002858; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|dimelaw|04|info"; nocase; ) # doran.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002859; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|doran|02|eu"; nocase; ) # fotos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002860; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|fotos|02|eu"; nocase; ) # galek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002861; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galek|02|eu"; nocase; ) # haluk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002862; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|haluk|02|eu"; nocase; ) # lygynud.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002863; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|lygynud|03|com"; nocase; ) # lyken.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002864; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyken|02|eu"; nocase; ) # lyxam.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002865; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyxam|02|eu"; nocase; ) # mabox.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002866; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mabox|02|eu"; nocase; ) # makes.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002867; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makes|02|eu"; nocase; ) # makot.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002868; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makot|02|eu"; nocase; ) # nametok.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002869; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|nametok|03|com"; nocase; ) # pufymoq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002870; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|pufymoq|03|com"; nocase; ) # pujol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002871; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|pujol|02|eu"; nocase; ) # qetynev.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002872; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|qetynev|03|com"; nocase; ) # sikom.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002873; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|sikom|02|eu"; nocase; ) # simet.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002874; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|simet|02|eu"; nocase; ) # tuweb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002875; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tuweb|02|eu"; nocase; ) # vocer.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002876; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vocer|02|eu"; nocase; ) # vocoret.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002877; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|vocoret|03|com"; nocase; ) # volar.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002878; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|volar|02|eu"; nocase; ) # volig.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002879; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|volig|02|eu"; nocase; ) # wyles.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002880; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|wyles|02|eu"; nocase; ) # zukov.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002881; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|zukov|02|eu"; nocase; ) # bozet.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002882; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|bozet|02|eu"; nocase; ) # cicop.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002883; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cicop|02|eu"; nocase; ) # cidec.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002884; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cidec|02|eu"; nocase; ) # dimaweb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002885; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|dimaweb|04|info"; nocase; ) # dobat.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002886; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|dobat|02|eu"; nocase; ) # dogit.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002887; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|dogit|02|eu"; nocase; ) # doril.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002888; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|doril|02|eu"; nocase; ) # fobus.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002889; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|fobus|02|eu"; nocase; ) # foker.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002890; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|foker|02|eu"; nocase; ) # fotorob.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002891; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|fotorob|04|info"; nocase; ) # gadar.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002892; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gadar|02|eu"; nocase; ) # ganiq.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002893; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|ganiq|02|eu"; nocase; ) # gatun.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002894; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gatun|02|eu"; nocase; ) # gatyhub.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002895; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|gatyhub|03|com"; nocase; ) # lyman.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002896; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyman|02|eu"; nocase; ) # lyryx.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002897; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyryx|02|eu"; nocase; ) # lyxos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002898; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lyxos|02|eu"; nocase; ) # maramit.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002899; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|maramit|03|com"; nocase; ) # marex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002900; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|marex|02|eu"; nocase; ) # masen.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002901; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|masen|02|eu"; nocase; ) # masex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002902; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|masex|02|eu"; nocase; ) # najisom.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002903; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|najisom|03|com"; nocase; ) # navis.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002904; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|navis|02|eu"; nocase; ) # pumot.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002905; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|pumot|02|eu"; nocase; ) # purex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002906; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|purex|02|eu"; nocase; ) # tucer.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002907; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tucer|02|eu"; nocase; ) # vocab.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002908; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vocab|02|eu"; nocase; ) # zusex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002909; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|zusex|02|eu"; nocase; ) # bozec.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002910; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|bozec|02|eu"; nocase; ) # cilen.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002911; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cilen|02|eu"; nocase; ) # cineb.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002912; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cineb|02|eu"; nocase; ) # citon.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002913; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|citon|02|eu"; nocase; ) # fotek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002914; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|fotek|02|eu"; nocase; ) # gacek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002915; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gacek|02|eu"; nocase; ) # galen.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002916; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galen|02|eu"; nocase; ) # galep.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002917; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galep|02|eu"; nocase; ) # galev.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002918; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|galev|02|eu"; nocase; ) # ganed.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002919; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|ganed|02|eu"; nocase; ) # hapoc.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002920; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|hapoc|02|eu"; nocase; ) # lymos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002921; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|lymos|02|eu"; nocase; ) # makel.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002922; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makel|02|eu"; nocase; ) # marotek.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002923; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|marotek|03|com"; nocase; ) # masum.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002924; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|masum|02|eu"; nocase; ) # nagal.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002925; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|nagal|02|eu"; nocase; ) # nasim.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002926; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|nasim|02|eu"; nocase; ) # novodom.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002927; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|novodom|04|info"; nocase; ) # pufal.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002928; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|pufal|02|eu"; nocase; ) # puput.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002929; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|puput|02|eu"; nocase; ) # qetaf.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002930; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|qetaf|02|eu"; nocase; ) # ryhan.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002931; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|ryhan|02|eu"; nocase; ) # simul.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002932; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|simul|02|eu"; nocase; ) # sirex.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002933; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|sirex|02|eu"; nocase; ) # sisol.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002934; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|sisol|02|eu"; nocase; ) # tuced.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002935; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tuced|02|eu"; nocase; ) # videcam.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002936; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|videcam|04|info"; nocase; ) # volac.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002937; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|volac|02|eu"; nocase; ) # vonik.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002938; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vonik|02|eu"; nocase; ) # vowap.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002939; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vowap|02|eu"; nocase; ) # bomed.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002940; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|bomed|02|eu"; nocase; ) # cicuk.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002941; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|cicuk|02|eu"; nocase; ) # fotor.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002942; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|fotor|02|eu"; nocase; ) # gacynuz.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002943; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|gacynuz|03|com"; nocase; ) # gadak.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002944; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gadak|02|eu"; nocase; ) # gadic.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002945; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gadic|02|eu"; nocase; ) # ganek.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002946; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|ganek|02|eu"; nocase; ) # gater.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002947; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|gater|02|eu"; nocase; ) # hafod.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002948; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|hafod|02|eu"; nocase; ) # halimaw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002949; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|halimaw|03|com"; nocase; ) # kymos.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002950; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|kymos|02|eu"; nocase; ) # lykymox.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002951; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|lykymox|03|com"; nocase; ) # mages.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002952; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mages|02|eu"; nocase; ) # makun.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002953; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|makun|02|eu"; nocase; ) # mamet.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002954; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mamet|02|eu"; nocase; ) # mamitam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002955; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|07|mamitam|03|com"; nocase; ) # mamon.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002956; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|mamon|02|eu"; nocase; ) # maros.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002957; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|maros|02|eu"; nocase; ) # maxel.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002958; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|maxel|02|eu"; nocase; ) # purac.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002959; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|purac|02|eu"; nocase; ) # pured.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002960; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|pured|02|eu"; nocase; ) # puric.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002961; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|puric|02|eu"; nocase; ) # tunez.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002962; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tunez|02|eu"; nocase; ) # tuzer.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002963; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|tuzer|02|eu"; nocase; ) # vocom.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002964; reference:url,osint.bambenekconsulting.com/manual/simda.txt; priority:1; content:"|05|vocom|02|eu"; nocase; ) # cjgsnenansnan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002965; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|0d|cjgsnenansnan|03|com"; nocase; ) # getadobeflashplayer.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002966; reference:url,osint.bambenekconsulting.com/manual/volatile.txt; priority:1; content:"|13|getadobeflashplayer|03|net"; nocase; ) # vlbqryjd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002967; reference:url,osint.bambenekconsulting.com/manual/dircrypt-iplist.txt; priority:1; content:"|08|vlbqryjd|03|com"; nocase; ) # ceffor.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002968; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|ceffor|03|net"; nocase; ) # kovacs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002969; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|kovacs|03|biz"; nocase; ) # meguia.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002970; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|meguia|03|net"; nocase; ) # kdrccwnansnan.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002971; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|0d|kdrccwnansnan|03|com"; nocase; ) # cealis.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002972; reference:url,osint.bambenekconsulting.com/manual/pykspa.txt; priority:1; content:"|06|cealis|03|net"; nocase; ) # crowdaround.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002973; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|crowdaround|03|net"; nocase; ) # experiencecover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002974; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0f|experiencecover|03|net"; nocase; ) # freshcompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002975; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|freshcompany|03|net"; nocase; ) # knownprobable.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002976; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|knownprobable|03|net"; nocase; ) # knownshoulder.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002977; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|knownshoulder|03|net"; nocase; ) # lifehorse.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002978; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifehorse|03|net"; nocase; ) # lifetaste.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002979; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifetaste|03|net"; nocase; ) # longiron.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002980; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|longiron|03|net"; nocase; ) # longshow.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002981; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|longshow|03|net"; nocase; ) # pushmoon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002982; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|pushmoon|03|net"; nocase; ) # saidtook.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002983; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|saidtook|03|net"; nocase; ) # watercompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002984; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|watercompany|03|net"; nocase; ) # watercomplete.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002985; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|watercomplete|03|net"; nocase; ) # watercover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002986; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|watercover|03|net"; nocase; ) # wheelcome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002987; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|wheelcome|03|net"; nocase; ) # ns1.dnsfor15.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002988; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|08|dnsfor15|03|com"; nocase; ) # alpsam.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002989; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|alpsam|03|com"; nocase; ) # logher.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002990; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|logher|03|com"; nocase; ) # ns1.dnsfor8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002991; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|07|dnsfor8|03|com"; nocase; ) # aehtcdb.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002992; reference:url,osint.bambenekconsulting.com/manual/shifu.txt; priority:1; content:"|07|aehtcdb|04|info"; nocase; ) # bagpump.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002993; reference:url,osint.bambenekconsulting.com/manual/shifu.txt; priority:1; content:"|07|bagpump|02|eu"; nocase; ) # deepworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002994; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|deepworld|03|net"; nocase; ) # fightcompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002995; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|fightcompany|03|net"; nocase; ) # freshcover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002996; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|freshcover|03|net"; nocase; ) # lifeenjoy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002997; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifeenjoy|03|net"; nocase; ) # lifefeed.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002998; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|lifefeed|03|net"; nocase; ) # longearth.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000002999; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|longearth|03|net"; nocase; ) # mouthiron.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003000; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|mouthiron|03|net"; nocase; ) # partycompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003001; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|partycompany|03|net"; nocase; ) # partycover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003002; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|partycover|03|net"; nocase; ) # pushdeal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003003; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|pushdeal|03|net"; nocase; ) # summerkitchen.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003004; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|summerkitchen|03|net"; nocase; ) # wheeldeal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003005; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|wheeldeal|03|net"; nocase; ) # wheelworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003006; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|wheelworld|03|net"; nocase; ) # alreadybridge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003007; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|alreadybridge|03|net"; nocase; ) # decemberfirst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003008; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|decemberfirst|03|net"; nocase; ) # experiencenature.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003009; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|10|experiencenature|03|net"; nocase; ) # fridayguess.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003010; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|fridayguess|03|net"; nocase; ) # lifebuild.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003011; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifebuild|03|net"; nocase; ) # liferule.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003012; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|liferule|03|net"; nocase; ) # lifeworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003013; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifeworld|03|net"; nocase; ) # stickworld.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003014; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|stickworld|03|net"; nocase; ) # summercompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003015; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0d|summercompany|03|net"; nocase; ) # thoughtboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003016; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|thoughtboard|03|net"; nocase; ) # tillroll.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003017; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|tillroll|03|net"; nocase; ) # waterenough.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003018; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|waterenough|03|net"; nocase; ) # waterwagon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003019; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|waterwagon|03|net"; nocase; ) # womanboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003020; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|womanboard|03|net"; nocase; ) # gbjtyyhrhk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003021; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|0a|gbjtyyhrhk|03|com"; nocase; ) # twkpwfuecvvzcincq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003022; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|11|twkpwfuecvvzcincq|03|net"; nocase; ) # epeidu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003023; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|epeidu|03|com"; nocase; ) # lecajst.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003024; reference:url,osint.bambenekconsulting.com/manual/shifu.txt; priority:1; content:"|07|lecajst|04|info"; nocase; ) # decembermoon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003025; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|decembermoon|03|net"; nocase; ) # freshboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003026; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|freshboard|03|net"; nocase; ) # lifefirst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003027; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|09|lifefirst|03|net"; nocase; ) # lifeoctover.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003028; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|lifeoctover|03|net"; nocase; ) # partyboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003029; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|partyboard|03|net"; nocase; ) # partybridge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003030; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|partybridge|03|net"; nocase; ) # smokecompany.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003031; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|smokecompany|03|net"; nocase; ) # smokewagon.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003032; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|smokewagon|03|net"; nocase; ) # ns1.backdates10.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003033; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|0b|backdates10|03|com"; nocase; ) # ns1.dnsfor7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003034; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|07|dnsfor7|03|com"; nocase; ) # vhfcdxydyp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003035; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|0a|vhfcdxydyp|03|com"; nocase; ) # akbbags.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003036; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|07|akbbags|03|com"; nocase; ) # qprweb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003037; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|qprweb|03|com"; nocase; ) # ns1.backdates2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003038; reference:url,osint.bambenekconsulting.com/manual/beebone.txt; priority:1; content:"|03|ns1|0a|backdates2|03|com"; nocase; ) # drohppbkxj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003039; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|0a|drohppbkxj|03|com"; nocase; ) # gjsbydmrpfzsmnfiu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003040; reference:url,osint.bambenekconsulting.com/manual/fobber-iplist.txt; priority:1; content:"|11|gjsbydmrpfzsmnfiu|03|net"; nocase; ) # origii.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003041; reference:url,osint.bambenekconsulting.com/manual/nymaim.txt; priority:1; content:"|06|origii|03|com"; nocase; ) # bjcanqv.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003042; reference:url,osint.bambenekconsulting.com/manual/shifu.txt; priority:1; content:"|07|bjcanqv|02|eu"; nocase; ) # crowdbridge.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003043; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|crowdbridge|03|net"; nocase; ) # freshbecome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003044; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|freshbecome|03|net"; nocase; ) # lifehunt.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003045; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|08|lifehunt|03|net"; nocase; ) # smokerealize.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003046; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0c|smokerealize|03|net"; nocase; ) # summerboard.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003047; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|summerboard|03|net"; nocase; ) # wheelunder.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003048; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0a|wheelunder|03|net"; nocase; ) # wheelweight.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003049; reference:url,osint.bambenekconsulting.com/manual/suppobox.txt; priority:1; content:"|0b|wheelweight|03|net"; nocase; ) # mbfolblryjv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003050; reference:url,osint.bambenekconsulting.com/manual/tempedreve.txt; priority:1; content:"|0b|mbfolblryjv|03|net"; nocase; ) # vbvyuewvklknya.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003051; reference:url,osint.bambenekconsulting.com/manual/locky.txt; priority:1; content:"|0e|vbvyuewvklknya|03|biz"; nocase; ) # thoitrangaodacaocap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003052; reference:url,www.spamhaus.org/query/dbl?domain=thoitrangaodacaocap.com; priority:1; content:"|13|thoitrangaodacaocap|03|com"; nocase; ) # metalexvietnamreed.tk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003053; reference:url,www.spamhaus.org/query/dbl?domain=metalexvietnamreed.tk; priority:1; content:"|12|metalexvietnamreed|02|tk"; nocase; ) # mx.shammah.openbrazil.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003054; reference:url,www.spamhaus.org/query/dbl?domain=mx.shammah.openbrazil.org; priority:1; content:"|02|mx|07|shammah|0a|openbrazil|03|org"; nocase; ) # ninjastgeorge.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003055; reference:url,www.spamhaus.org/query/dbl?domain=ninjastgeorge.com; priority:1; content:"|0d|ninjastgeorge|03|com"; nocase; ) # banana.dp.ua [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003056; reference:url,www.spamhaus.org/query/dbl?domain=banana.dp.ua; priority:1; content:"|06|banana|02|dp|02|ua"; nocase; ) # mail.thoitrangaodacaocap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003057; reference:url,www.spamhaus.org/query/dbl?domain=mail.thoitrangaodacaocap.com; priority:1; content:"|04|mail|13|thoitrangaodacaocap|03|com"; nocase; ) # ns1.verinetinternet.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003058; reference:url,www.spamhaus.org/query/dbl?domain=ns1.verinetinternet.com; priority:1; content:"|03|ns1|0f|verinetinternet|03|com"; nocase; ) # ocqiwseygwqyeuma.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003059; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|ocqiwseygwqyeuma|03|org"; nocase; ) # d.s1.chengshizhixing.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003060; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|01|d|02|s1|0f|chengshizhixing|03|com"; nocase; ) # bdubefoeug.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003061; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0a|bdubefoeug|02|yi|03|org"; nocase; ) # cdggua.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003062; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|06|cdggua|02|yi|03|org"; nocase; ) # hdredirect-lb-399551664.us-east-1.elb.amazonaws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003063; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|17|hdredirect-lb-399551664|09|us-east-1|03|elb|09|amazonaws|03|com"; nocase; ) # hzmwxlmu.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003064; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|hzmwxlmu|02|yi|03|org"; nocase; ) # pcajqcaof.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003065; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|pcajqcaof|02|yi|03|org"; nocase; ) # vsdvzwt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003066; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|07|vsdvzwt|03|com"; nocase; ) # adhbtib.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003067; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|07|adhbtib|02|yi|03|org"; nocase; ) # denalits.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003068; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|denalits|03|com"; nocase; ) # kqrhri.mooo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003069; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|06|kqrhri|04|mooo|03|com"; nocase; ) # ngbmfsbuql.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003070; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0a|ngbmfsbuql|02|yi|03|org"; nocase; ) # gmaeesguiokeyqwo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003071; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|gmaeesguiokeyqwo|03|org"; nocase; ) # iqswksmkegumawkm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003072; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|iqswksmkegumawkm|03|org"; nocase; ) # bitrik.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003073; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|bitrik|03|com"; nocase; ) # oboyka.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003074; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|oboyka|03|com"; nocase; ) # klofmvcx.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003075; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|klofmvcx|02|yi|03|org"; nocase; ) # muodaclf.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003076; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|muodaclf|02|yi|03|org"; nocase; ) # wpodosail.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003077; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|wpodosail|03|com"; nocase; ) # zssdxcq.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003078; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|07|zssdxcq|02|yi|03|org"; nocase; ) # fofond.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003079; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|fofond|03|com"; nocase; ) # huffee.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003080; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|huffee|03|com"; nocase; ) # mnmkhl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003081; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|mnmkhl|03|com"; nocase; ) # usenti.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003082; reference:url,osint.bambenekconsulting.com/manual/virut.txt; priority:1; content:"|06|usenti|03|com"; nocase; ) # afmbtgyktty.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003083; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|afmbtgyktty|02|yi|03|org"; nocase; ) # bpdyttrlp.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003084; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|bpdyttrlp|02|yi|03|org"; nocase; ) # grohhgebtxa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003085; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|grohhgebtxa|03|com"; nocase; ) # gviailawmc.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003086; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0a|gviailawmc|02|yi|03|org"; nocase; ) # ihouxyds.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003087; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|08|ihouxyds|02|yi|03|org"; nocase; ) # itifvo.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003088; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|06|itifvo|02|yi|03|org"; nocase; ) # lbimniu.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003089; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|07|lbimniu|02|yi|03|org"; nocase; ) # niirdoewt.dyndns.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003090; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|niirdoewt|06|dyndns|03|org"; nocase; ) # wmvrlpvpqxu.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003091; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|wmvrlpvpqxu|02|yi|03|org"; nocase; ) # ceigqweqwaywiqgu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003092; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|ceigqweqwaywiqgu|03|org"; nocase; ) # ywoekqumwmygouka.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003093; reference:url,osint.bambenekconsulting.com/manual/ramdo.txt; priority:1; content:"|10|ywoekqumwmygouka|03|org"; nocase; ) # iqwifsunu.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003094; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|iqwifsunu|02|yi|03|org"; nocase; ) # qpyosxkmcc.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003095; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0a|qpyosxkmcc|02|yi|03|org"; nocase; ) # qwzsprieo.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003096; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|09|qwzsprieo|02|yi|03|org"; nocase; ) # udtwirqzhdm.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003097; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|udtwirqzhdm|02|yi|03|org"; nocase; ) # xlfstaxlrui.yi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003098; reference:url,osint.bambenekconsulting.com/manual/kraken.txt; priority:1; content:"|0b|xlfstaxlrui|02|yi|03|org"; nocase; ) # crowdwelcome.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003099; reference:url,www.spamhaus.org/query/dbl?domain=crowdwelcome.net; priority:1; content:"|0c|crowdwelcome|03|net"; nocase; ) # womanproud.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003100; reference:url,www.spamhaus.org/query/dbl?domain=womanproud.net; priority:1; content:"|0a|womanproud|03|net"; nocase; ) # lgqvnnbqlggc.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003101; reference:url,www.spamhaus.org/query/dbl?domain=lgqvnnbqlggc.biz; priority:1; content:"|0c|lgqvnnbqlggc|03|biz"; nocase; ) # gentlemanfurther.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003102; reference:url,www.spamhaus.org/query/dbl?domain=gentlemanfurther.net; priority:1; content:"|10|gentlemanfurther|03|net"; nocase; ) # mail.bagpump.eu [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003103; reference:url,www.spamhaus.org/query/dbl?domain=mail.bagpump.eu; priority:1; content:"|04|mail|07|bagpump|02|eu"; nocase; ) # ns1.bwreg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - suspicious"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003104; reference:url,www.spamhaus.org/query/dbl?domain=ns1.bwreg.com; priority:1; content:"|03|ns1|05|bwreg|03|com"; nocase; ) # dsbmcrxepqocq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003105; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dsbmcrxepqocq|03|net"; nocase; ) # ujldfdvipnxpf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003106; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ujldfdvipnxpf|03|biz"; nocase; ) # vfrrkqloatkgi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003107; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vfrrkqloatkgi|02|co|02|uk"; nocase; ) # vcldghlargdog.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003108; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vcldghlargdog|03|biz"; nocase; ) # xlqjrmuuuhely.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003109; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xlqjrmuuuhely|04|info"; nocase; ) # ahvyuslkrgucg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003110; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ahvyuslkrgucg|02|ru"; nocase; ) # buuqbnvfjgbqx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003111; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|buuqbnvfjgbqx|03|org"; nocase; ) # ljabmtliqdaywdp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003112; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ljabmtliqdaywdp|03|org"; nocase; ) # ynbfplbnosjhglc.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003113; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ynbfplbnosjhglc|02|co|02|uk"; nocase; ) # mrkwmjygfuwmesp.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003114; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mrkwmjygfuwmesp|04|info"; nocase; ) # qpofdcxktjboiww.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003115; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qpofdcxktjboiww|02|ru"; nocase; ) # etpjgtnprykwikw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003116; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|etpjgtnprykwikw|03|org"; nocase; ) # ygnkxoqjirgdjuy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003117; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ygnkxoqjirgdjuy|02|ru"; nocase; ) # geqyoyfbmlfkamj.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003118; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|geqyoyfbmlfkamj|02|co|02|uk"; nocase; ) # kpugxqyuduncesm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003119; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kpugxqyuduncesm|03|biz"; nocase; ) # lfvrsldcpddkfix.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003120; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|lfvrsldcpddkfix|02|ru"; nocase; ) # nxpseoovngclxdk.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003121; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nxpseoovngclxdk|02|co|02|uk"; nocase; ) # rimmlcaydjiibgq.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003122; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rimmlcaydjiibgq|02|ru"; nocase; ) # bhvngegvgjkkerg.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003123; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bhvngegvgjkkerg|02|co|02|uk"; nocase; ) # hwogwyhmvjvkqfh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003124; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hwogwyhmvjvkqfh|02|co|02|uk"; nocase; ) # josrxredodlfcwx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003125; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|josrxredodlfcwx|03|biz"; nocase; ) # uvvjlwmouwalyku.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003126; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|uvvjlwmouwalyku|02|ru"; nocase; ) # vjqwmoacdujxagy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003127; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|vjqwmoacdujxagy|03|org"; nocase; ) # frpmwjwiibpnohw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003128; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|frpmwjwiibpnohw|03|org"; nocase; ) # tkpwaljvxieygmt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003129; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|tkpwaljvxieygmt|04|info"; nocase; ) # iuuuwmtswysindj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003130; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|iuuuwmtswysindj|03|biz"; nocase; ) # ytspvnttddapshf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003131; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ytspvnttddapshf|03|net"; nocase; ) # ipxbkmbweplkdng.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003132; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ipxbkmbweplkdng|04|info"; nocase; ) # khcmlrlbbiledxs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003133; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|khcmlrlbbiledxs|02|ru"; nocase; ) # nybtgrcdkfhbbcs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003134; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nybtgrcdkfhbbcs|03|net"; nocase; ) # yoirlftcmanujno.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003135; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|yoirlftcmanujno|04|info"; nocase; ) # asgrmuhagiciqrg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003136; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|asgrmuhagiciqrg|03|net"; nocase; ) # dmmacxsgborwuym.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003137; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|dmmacxsgborwuym|02|ru"; nocase; ) # qqnclpiaujmkeom.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003138; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qqnclpiaujmkeom|03|org"; nocase; ) # jomselidwdwbusa.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003139; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|jomselidwdwbusa|02|co|02|uk"; nocase; ) # wsnungoqndjwuoy.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003140; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|wsnungoqndjwuoy|04|info"; nocase; ) # qqpmsobbuijjtme.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003141; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qqpmsobbuijjtme|02|co|02|uk"; nocase; ) # efkhkenbupudnuf.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003142; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|efkhkenbupudnuf|02|ru"; nocase; ) # xllcvmjohcekljj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003143; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|xllcvmjohcekljj|04|info"; nocase; ) # amjfavemgfuclbu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003144; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|amjfavemgfuclbu|03|net"; nocase; ) # ahrmystfbjmpkjv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003145; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ahrmystfbjmpkjv|03|com"; nocase; ) # blpmaihdurbdrnn.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003146; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|blpmaihdurbdrnn|03|biz"; nocase; ) # ikpifvwmmhtwisa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003147; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ikpifvwmmhtwisa|03|org"; nocase; ) # mitqvbfrfmnabst.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003148; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mitqvbfrfmnabst|03|net"; nocase; ) # ntsyhcwgrtvujbr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003149; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|ntsyhcwgrtvujbr|04|info"; nocase; ) # qecvqmbpwcykmkf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003150; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|qecvqmbpwcykmkf|03|biz"; nocase; ) # gcrcybgpglprkwn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003151; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|gcrcybgpglprkwn|04|info"; nocase; ) # hpxnywvcgnjodtg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003152; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|hpxnywvcgnjodtg|03|net"; nocase; ) # kxahtmccxbwxhcp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003153; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|kxahtmccxbwxhcp|03|com"; nocase; ) # mpesurmgutwrsds.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003154; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|mpesurmgutwrsds|03|org"; nocase; ) # nbrxeovvxdqayqw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003155; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|nbrxeovvxdqayqw|03|net"; nocase; ) # bdmxhjcjlcwriae.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003156; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|bdmxhjcjlcwriae|03|biz"; nocase; ) # duqjiomniuwliru.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003157; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|duqjiomniuwliru|04|info"; nocase; ) # skuoguvpdpsxafh.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003158; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|skuoguvpdpsxafh|02|ru"; nocase; ) # rnglvvhanilmmpa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003159; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0f|rnglvvhanilmmpa|03|org"; nocase; ) # lsxhvoarellfbs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003160; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|lsxhvoarellfbs|03|net"; nocase; ) # pidhohyvgwiymb.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003161; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pidhohyvgwiymb|02|co|02|uk"; nocase; ) # tcgwvysbjjtume.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003162; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tcgwvysbjjtume|03|biz"; nocase; ) # ukqoiogcpssxtf.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003163; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ukqoiogcpssxtf|03|org"; nocase; ) # ptlwwtdjiunsgn.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003164; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ptlwwtdjiunsgn|04|info"; nocase; ) # eafpuciepssrkg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003165; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|eafpuciepssrkg|03|com"; nocase; ) # itifctcxsfirht.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003166; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|itifctcxsfirht|03|org"; nocase; ) # jjjqwogffnxayv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003167; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|jjjqwogffnxayv|02|co|02|uk"; nocase; ) # mjnfumbcuqflhl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003168; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mjnfumbcuqflhl|03|net"; nocase; ) # peythwsqpqycyo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003169; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|peythwsqpqycyo|03|org"; nocase; ) # asgppodpyoobdm.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003170; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|asgppodpyoobdm|02|co|02|uk"; nocase; ) # bbqhcxxexlfnde.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003171; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bbqhcxxexlfnde|03|com"; nocase; ) # kaaiwaebblhpgp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003172; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|kaaiwaebblhpgp|03|biz"; nocase; ) # mjfcvsbrhvosgt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003173; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mjfcvsbrhvosgt|04|info"; nocase; ) # wtqnvtfsngdylf.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003174; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|wtqnvtfsngdylf|03|net"; nocase; ) # xjryqojaaoshdh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003175; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xjryqojaaoshdh|03|biz"; nocase; ) # yybqndatoppxcm.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003176; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yybqndatoppxcm|02|ru"; nocase; ) # aswsphgqgyakvh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003177; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|aswsphgqgyakvh|04|info"; nocase; ) # uwuhwrbxwjgjdu.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003178; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|uwuhwrbxwjgjdu|03|com"; nocase; ) # pvuemdhttjrtpo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003179; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|pvuemdhttjrtpo|03|biz"; nocase; ) # duuechheyknfim.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003180; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|duuechheyknfim|02|ru"; nocase; ) # hddulncmqumghs.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003181; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hddulncmqumghs|02|ru"; nocase; ) # hqdjwreovhajtl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003182; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hqdjwreovhajtl|03|org"; nocase; ) # iexwxjrcefjvuh.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003183; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|iexwxjrcefjvuh|02|co|02|uk"; nocase; ) # htcrwgrmmkbspp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003184; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|htcrwgrmmkbspp|03|net"; nocase; ) # umulfchlvfevew.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003185; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|umulfchlvfevew|02|ru"; nocase; ) # acetipenlpbjar.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003186; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|acetipenlpbjar|02|co|02|uk"; nocase; ) # ngfvrhthfkvwax.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003187; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ngfvrhthfkvwax|04|info"; nocase; ) # ilmjibexlpowid.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003188; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ilmjibexlpowid|04|info"; nocase; ) # mmuwovdavksrcf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003189; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mmuwovdavksrcf|03|biz"; nocase; ) # fagqwlrloreupx.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003190; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fagqwlrloreupx|02|co|02|uk"; nocase; ) # hbepnbfscaolna.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003191; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|hbepnbfscaolna|03|com"; nocase; ) # yukrpokkulxbbn.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003192; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|yukrpokkulxbbn|02|co|02|uk"; nocase; ) # oyppxrvdfumesy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003193; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|oyppxrvdfumesy|03|com"; nocase; ) # nxogoatkhqeguj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003194; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|nxogoatkhqeguj|03|com"; nocase; ) # epsxktbjmykjgg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003195; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|epsxktbjmykjgg|03|com"; nocase; ) # xqcpneqlnbywvt.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003196; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|xqcpneqlnbywvt|02|co|02|uk"; nocase; ) # vbmxhuphdcffkl.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003197; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vbmxhuphdcffkl|03|org"; nocase; ) # escipprsctxfxf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003198; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|escipprsctxfxf|03|com"; nocase; ) # owioyutkdwarbk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003199; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|owioyutkdwarbk|03|com"; nocase; ) # ripsekooaydrdi.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003200; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|ripsekooaydrdi|03|biz"; nocase; ) # itnkbofvjufioh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003201; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|itnkbofvjufioh|03|net"; nocase; ) # vvikejljwtlaxq.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003202; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vvikejljwtlaxq|03|biz"; nocase; ) # mjskttnbrlvdhe.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003203; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mjskttnbrlvdhe|02|co|02|uk"; nocase; ) # koxqfknmncgcqf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003204; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|koxqfknmncgcqf|03|com"; nocase; ) # mpvpvabtbkqsos.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003205; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|mpvpvabtbkqsos|03|biz"; nocase; ) # prxcfkanjpnktd.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003206; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|prxcfkanjpnktd|02|co|02|uk"; nocase; ) # dwqwsocpefbxrj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003207; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|dwqwsocpefbxrj|03|org"; nocase; ) # fgvqrtmtqmoarb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003208; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|fgvqrtmtqmoarb|03|net"; nocase; ) # smggwyntmmceox.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003209; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|smggwyntmmceox|03|biz"; nocase; ) # tabreqbsqpwvpx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003210; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|tabreqbsqpwvpx|02|ru"; nocase; ) # vajvjnsmewtsat.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003211; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|vajvjnsmewtsat|03|net"; nocase; ) # bpexptjccqbjhl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003212; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0e|bpexptjccqbjhl|04|info"; nocase; ) # uqoryvuuwcodg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003213; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uqoryvuuwcodg|03|net"; nocase; ) # xgimoyeugayuy.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003214; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xgimoyeugayuy|02|ru"; nocase; ) # yvjwgqxpeltfa.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003215; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yvjwgqxpeltfa|03|org"; nocase; ) # iagefdopysucw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003216; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|iagefdopysucw|03|net"; nocase; ) # mxkuuvlnwichw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003217; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mxkuuvlnwichw|02|co|02|uk"; nocase; ) # sxawtrbfqjgxt.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003218; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sxawtrbfqjgxt|04|info"; nocase; ) # utdkgjuvtgpgs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003219; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|utdkgjuvtgpgs|03|biz"; nocase; ) # qltlbkhauvhxo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003220; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|qltlbkhauvhxo|03|net"; nocase; ) # sdcemywbsqeyj.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003221; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sdcemywbsqeyj|03|com"; nocase; ) # kocljhlwbjvth.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003222; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kocljhlwbjvth|03|biz"; nocase; ) # huemsyucemunb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003223; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|huemsyucemunb|03|biz"; nocase; ) # vxtsetvdljway.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003224; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vxtsetvdljway|02|ru"; nocase; ) # ebivkjdnwwvca.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003225; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ebivkjdnwwvca|03|net"; nocase; ) # dgacdvbsrwiqv.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003226; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dgacdvbsrwiqv|03|org"; nocase; ) # ecqcsmfkwtwmt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003227; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ecqcsmfkwtwmt|03|com"; nocase; ) # ftgutbptgilps.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003228; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ftgutbptgilps|03|net"; nocase; ) # eweukphdnbaxl.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003229; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|eweukphdnbaxl|04|info"; nocase; ) # irkmyikpqtdwp.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003230; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|irkmyikpqtdwp|02|ru"; nocase; ) # llqdnltpubvoi.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003231; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|llqdnltpubvoi|02|co|02|uk"; nocase; ) # yaftcxjhcfwjl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003232; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|yaftcxjhcfwjl|03|biz"; nocase; ) # npmfagmasaivl.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003233; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|npmfagmasaivl|02|ru"; nocase; ) # ofnnxbwdjvkhd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003234; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ofnnxbwdjvkhd|03|org"; nocase; ) # sdrenttbhlrmd.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003235; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sdrenttbhlrmd|03|net"; nocase; ) # gdinsdjybucxg.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003236; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|gdinsdjybucxg|03|net"; nocase; ) # ulhqgearrnrgn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003237; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ulhqgearrnrgn|03|org"; nocase; ) # oxnkvwykqvruc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003238; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|oxnkvwykqvruc|03|net"; nocase; ) # ovsvwojjcdmcd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003239; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ovsvwojjcdmcd|03|biz"; nocase; ) # plteugdpvtave.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003240; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|plteugdpvtave|02|ru"; nocase; ) # knemuxacusnla.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003241; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|knemuxacusnla|04|info"; nocase; ) # xrfphsmwlaifa.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003242; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xrfphsmwlaifa|03|com"; nocase; ) # mocpyhuatvedq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003243; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mocpyhuatvedq|03|net"; nocase; ) # asdslchukdywa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003244; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|asdslchukdywa|03|biz"; nocase; ) # mfiguqyywhcje.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003245; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|mfiguqyywhcje|02|ru"; nocase; ) # uxsoycyuxpxve.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003246; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|uxsoycyuxpxve|03|org"; nocase; ) # vntwwwjxolahv.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003247; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|vntwwwjxolahv|02|co|02|uk"; nocase; ) # xorabgevnoqyd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003248; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|xorabgevnoqyd|03|com"; nocase; ) # wetkhxxgrskkw.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003249; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|wetkhxxgrskkw|02|co|02|uk"; nocase; ) # kgojhpthvruag.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003250; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|kgojhpthvruag|04|info"; nocase; ) # ydsstlqlyccbs.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003251; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|ydsstlqlyccbs|02|co|02|uk"; nocase; ) # sjmfnvniqjjlw.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003252; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|sjmfnvniqjjlw|02|ru"; nocase; ) # dnaykrypqroew.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003253; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dnaykrypqroew|03|org"; nocase; ) # jmcsemwlvbxly.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003254; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|jmcsemwlvbxly|02|ru"; nocase; ) # bstdrkglvhnxd.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003255; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|bstdrkglvhnxd|03|org"; nocase; ) # dgaviqtabirqa.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003256; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|dgaviqtabirqa|03|net"; nocase; ) # etuisingfrwkr.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003257; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0d|etuisingfrwkr|03|biz"; nocase; ) # aldqwxvmpjwr.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003258; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aldqwxvmpjwr|02|co|02|uk"; nocase; ) # dsxhcbfjugtl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003259; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|dsxhcbfjugtl|03|com"; nocase; ) # xhhkatcghcbl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003260; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xhhkatcghcbl|03|com"; nocase; ) # nuuhqgiqhcpl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003261; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nuuhqgiqhcpl|02|co|02|uk"; nocase; ) # cvefcbjodhtj.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003262; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cvefcbjodhtj|04|info"; nocase; ) # ijekovoffrwl.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003263; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ijekovoffrwl|02|co|02|uk"; nocase; ) # jyfugqytrjhr.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003264; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jyfugqytrjhr|04|info"; nocase; ) # ollyqvhpxhpj.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003265; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ollyqvhpxhpj|03|biz"; nocase; ) # gjsuamgbnffk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003266; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|gjsuamgbnffk|03|net"; nocase; ) # yowvajnsvjce.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003267; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yowvajnsvjce|03|org"; nocase; ) # bxcxxcmplumk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003268; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bxcxxcmplumk|03|net"; nocase; ) # kiujgwwmcams.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003269; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|kiujgwwmcams|03|biz"; nocase; ) # jppvsmvkyeof.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003270; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jppvsmvkyeof|03|org"; nocase; ) # llucjtdgnbyw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003271; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|llucjtdgnbyw|03|com"; nocase; ) # onfvwhtweuyg.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003272; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|onfvwhtweuyg|02|ru"; nocase; ) # xrmaacstyfhg.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003273; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xrmaacstyfhg|03|biz"; nocase; ) # nyrelmskqlod.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003274; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nyrelmskqlod|02|co|02|uk"; nocase; ) # yumsdcpvlbtk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003275; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yumsdcpvlbtk|03|com"; nocase; ) # bawvurddtsxs.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003276; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bawvurddtsxs|03|biz"; nocase; ) # cwwmqmpsbafc.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003277; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cwwmqmpsbafc|02|ru"; nocase; ) # hmispxbiujkl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003278; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hmispxbiujkl|03|net"; nocase; ) # iuskchvwtgbx.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003279; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|iuskchvwtgbx|02|ru"; nocase; ) # ydssqivbwxqh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003280; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|ydssqivbwxqh|03|biz"; nocase; ) # aydgkvkerfax.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003281; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|aydgkvkerfax|02|co|02|uk"; nocase; ) # bhnxwffsqcqk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003282; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bhnxwffsqcqk|03|com"; nocase; ) # cuimbwynypcy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003283; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cuimbwynypcy|03|net"; nocase; ) # asaglkejduoa.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003284; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|asaglkejduoa|03|biz"; nocase; ) # nuubwgvobfcj.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003285; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|nuubwgvobfcj|03|org"; nocase; ) # qvpriaoyvbjh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003286; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qvpriaoyvbjh|03|biz"; nocase; ) # yeakdcdtjhgr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003287; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|yeakdcdtjhgr|03|org"; nocase; ) # qxgvhmvsopla.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003288; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|qxgvhmvsopla|03|biz"; nocase; ) # jqjwsuklpurk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003289; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|jqjwsuklpurk|03|net"; nocase; ) # mqnwmvndhkan.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003290; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|mqnwmvndhkan|03|org"; nocase; ) # paikaorvmogb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003291; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|paikaorvmogb|03|biz"; nocase; ) # bijvjxdkfgeh.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003292; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|bijvjxdkfgeh|03|biz"; nocase; ) # wbqwobcirpjm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003293; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|wbqwobcirpjm|03|org"; nocase; ) # tgilyrifawfv.ru [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003294; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|tgilyrifawfv|02|ru"; nocase; ) # xqlmntcdwbjb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003295; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|xqlmntcdwbjb|03|biz"; nocase; ) # cystddibbfbi.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003296; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|cystddibbfbi|03|org"; nocase; ) # eaqstmdcixuh.info [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003297; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|eaqstmdcixuh|04|info"; nocase; ) # fprbrhnfytws.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003298; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|fprbrhnfytws|03|com"; nocase; ) # hywdpamcofhy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003299; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hywdpamcofhy|03|org"; nocase; ) # hvguoudjkslb.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003300; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|hvguoudjkslb|03|net"; nocase; ) # llldganujawy.co.uk [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003301; reference:url,osint.bambenekconsulting.com/manual/wiki25.txt; priority:1; content:"|0c|llldganujawy|02|co|02|uk"; nocase; ) # 4ytjzgm5m2i8ctr72wevq5c.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003302; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|4ytjzgm5m2i8ctr72wevq5c|03|com"; nocase; ) # 1729bul1tn8iah18pd3gofjzfdq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003303; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1729bul1tn8iah18pd3gofjzfdq|03|net"; nocase; ) # ympr1h104u7knk54d3b13wpfqo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003304; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ympr1h104u7knk54d3b13wpfqo|03|biz"; nocase; ) # 1469c6z1sskyiesoin7jpl6ljt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003305; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1469c6z1sskyiesoin7jpl6ljt|03|com"; nocase; ) # cs72g5e1l5bdo8lfbt136omnn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003306; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cs72g5e1l5bdo8lfbt136omnn|03|net"; nocase; ) # 164k6ow180x8hc1m2c2k1w40zdk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003307; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|164k6ow180x8hc1m2c2k1w40zdk|03|net"; nocase; ) # 1hde1r3r302kcj8sp17mwdlj1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003308; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1hde1r3r302kcj8sp17mwdlj1|03|biz"; nocase; ) # 1v7o9lido6o4uui8j3h156h6sz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003309; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1v7o9lido6o4uui8j3h156h6sz|03|net"; nocase; ) # dygnxy1m5xm5f7zw4xa1r926k8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003310; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|dygnxy1m5xm5f7zw4xa1r926k8|03|net"; nocase; ) # 1t2fgwczc5kjv1kh2du91qyokwg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003311; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t2fgwczc5kjv1kh2du91qyokwg|03|com"; nocase; ) # naspib1pc5pzq1yzgqr41w01xgm.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003312; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|naspib1pc5pzq1yzgqr41w01xgm|03|net"; nocase; ) # ygphehzhsq575lx6k3u67uy.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003313; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|ygphehzhsq575lx6k3u67uy|03|com"; nocase; ) # 1f37fdz3gxzdu1n5kgz11mapx40.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003314; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f37fdz3gxzdu1n5kgz11mapx40|03|net"; nocase; ) # tn01wl1j5vvkw148b74nhm4ixq.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003315; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tn01wl1j5vvkw148b74nhm4ixq|03|com"; nocase; ) # 32b33i1p0xwrzzswafk2ervr.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003316; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|32b33i1p0xwrzzswafk2ervr|03|org"; nocase; ) # 1yhjdrd1way5nh14ygkvt1ktlsw5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003317; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yhjdrd1way5nh14ygkvt1ktlsw5|03|org"; nocase; ) # qq8k7b1pr96gq19j0xl319elrye.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003318; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|qq8k7b1pr96gq19j0xl319elrye|03|biz"; nocase; ) # qh6or088k2uww0pwd014e27ow.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003319; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|qh6or088k2uww0pwd014e27ow|03|net"; nocase; ) # 1mohrb84xuwv5er44wd4rcz3t.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003320; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1mohrb84xuwv5er44wd4rcz3t|03|com"; nocase; ) # 1uqbmtq5knty1daddwosk1me2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003321; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1uqbmtq5knty1daddwosk1me2|03|com"; nocase; ) # io8x7d1oqwxoiknm8s81itdukg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003322; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|io8x7d1oqwxoiknm8s81itdukg|03|org"; nocase; ) # n1ljrcd7gw1p2lcxtlooa6qw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003323; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|n1ljrcd7gw1p2lcxtlooa6qw|03|com"; nocase; ) # i076gx1j2fygl1urtrk4o91bbp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003324; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i076gx1j2fygl1urtrk4o91bbp|03|org"; nocase; ) # z4h8d8ipx58l14rgxxvav33xe.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003325; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z4h8d8ipx58l14rgxxvav33xe|03|net"; nocase; ) # 1yhdkxf1z8ye7djmb7u1bxdzie.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003326; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1yhdkxf1z8ye7djmb7u1bxdzie|03|net"; nocase; ) # 1fyq39diclrzg984hx111je3wi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003327; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fyq39diclrzg984hx111je3wi|03|com"; nocase; ) # 1xb21y91eqekly1tgoh5g10aly5i.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003328; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1xb21y91eqekly1tgoh5g10aly5i|03|net"; nocase; ) # 18da5fbt2f82n1rld8ka18d5lns.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003329; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18da5fbt2f82n1rld8ka18d5lns|03|net"; nocase; ) # 18tlrc11h1kfg91foxry4vf6t6h.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003330; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18tlrc11h1kfg91foxry4vf6t6h|03|net"; nocase; ) # 98x4fvq0x6x1kziq6o1ktw1ct.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003331; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|98x4fvq0x6x1kziq6o1ktw1ct|03|org"; nocase; ) # 1msg5uj17fncgvzd38dvue9m9v.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003332; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1msg5uj17fncgvzd38dvue9m9v|03|org"; nocase; ) # xylfke1kus13r1xn8n5r1wrlxgz.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003333; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|xylfke1kus13r1xn8n5r1wrlxgz|03|org"; nocase; ) # edsm181k3jne1hv5grxkjoum.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003334; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|edsm181k3jne1hv5grxkjoum|03|org"; nocase; ) # 17fkyw754n9it176wg23ognill.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003335; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|17fkyw754n9it176wg23ognill|03|net"; nocase; ) # i941xn1yp4ai7exhay83myfal.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003336; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i941xn1yp4ai7exhay83myfal|03|net"; nocase; ) # tgsqv6hi9jjrtz0qb4iby12d.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003337; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|tgsqv6hi9jjrtz0qb4iby12d|03|com"; nocase; ) # 97zg2s1j5wmhf1pq4y721nsmrxs.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003338; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|97zg2s1j5wmhf1pq4y721nsmrxs|03|net"; nocase; ) # 1ln0n8e16s4xkk1gjgv9tifpoqx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003339; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ln0n8e16s4xkk1gjgv9tifpoqx|03|com"; nocase; ) # 84d1zy1qc9rq81ommk4u1hd337b.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003340; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|84d1zy1qc9rq81ommk4u1hd337b|03|net"; nocase; ) # 1xjyl8s2lbi886kpu3u7wg0jc.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003341; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1xjyl8s2lbi886kpu3u7wg0jc|03|net"; nocase; ) # 18ulk7z1qr6ig918g8dicovk52g.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003342; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|18ulk7z1qr6ig918g8dicovk52g|03|com"; nocase; ) # 1t607131fwwg1t1b0eydlcw1xm2.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003343; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t607131fwwg1t1b0eydlcw1xm2|03|com"; nocase; ) # 5p3d73hvb9aa1clca7vvo5tt.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003344; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|5p3d73hvb9aa1clca7vvo5tt|03|com"; nocase; ) # rc5a79i2q9f8tne4dk1y81bo1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003345; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|rc5a79i2q9f8tne4dk1y81bo1|03|net"; nocase; ) # 1d4szvo4ibbvz1lssoul1e58z56.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003346; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1d4szvo4ibbvz1lssoul1e58z56|03|biz"; nocase; ) # 14v6naw15ne1t13wr8cra379b4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003347; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14v6naw15ne1t13wr8cra379b4|03|net"; nocase; ) # 1b1pwpo12v5g745fkz8y1lclei8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003348; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1b1pwpo12v5g745fkz8y1lclei8|03|com"; nocase; ) # 1lotcrhw3zglhqznwsqv1zrm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003349; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|1lotcrhw3zglhqznwsqv1zrm|03|org"; nocase; ) # 1o3cgm612r84qa1h2qrkzxyzp99.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003350; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1o3cgm612r84qa1h2qrkzxyzp99|03|com"; nocase; ) # yce8kjuqo8ln1wnmhzkf12duu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003351; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yce8kjuqo8ln1wnmhzkf12duu|03|org"; nocase; ) # 1qxcpraffrvf234fxjq11wz4gx.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003352; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qxcpraffrvf234fxjq11wz4gx|03|net"; nocase; ) # 1msq2u416zob1h29njo110mvz5t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003353; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1msq2u416zob1h29njo110mvz5t|03|org"; nocase; ) # 1xk7yn61skrd8510vj2vxdednzw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003354; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xk7yn61skrd8510vj2vxdednzw|03|net"; nocase; ) # 1fzvprn37cwfk1cpxssfrkeble.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003355; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1fzvprn37cwfk1cpxssfrkeble|03|com"; nocase; ) # f1j8al5e33tfbhcwib17d9ud4.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003356; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|f1j8al5e33tfbhcwib17d9ud4|03|net"; nocase; ) # 1kzw1dxrz8xj312r688h18xrxpz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003357; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kzw1dxrz8xj312r688h18xrxpz|03|net"; nocase; ) # 16biez21geg22y1nzqmew70v82g.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003358; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|16biez21geg22y1nzqmew70v82g|03|net"; nocase; ) # 1b0uxb3lk4cqo15vdh9z1pc3ws.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003359; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1b0uxb3lk4cqo15vdh9z1pc3ws|03|net"; nocase; ) # 377jbs1c74szu14wbvtd1f3ijp0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003360; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|377jbs1c74szu14wbvtd1f3ijp0|03|org"; nocase; ) # 6ktwu71rtkvp31qv8j4q1myh7yo.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003361; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|6ktwu71rtkvp31qv8j4q1myh7yo|03|org"; nocase; ) # et0w9i13kanld1mmxqe1ntmsw3.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003362; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|et0w9i13kanld1mmxqe1ntmsw3|03|org"; nocase; ) # 17mpkuc1xcgwkzkg6zd31o9n3p7.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003363; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17mpkuc1xcgwkzkg6zd31o9n3p7|03|com"; nocase; ) # 1a6yqkq118hxbf15krczutgq7p1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003364; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1a6yqkq118hxbf15krczutgq7p1|03|biz"; nocase; ) # iq7156lttcoq1u4qh4u1uc9xj1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003365; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|iq7156lttcoq1u4qh4u1uc9xj1|03|biz"; nocase; ) # 1ws8y3h1n1u3pu7s5tva26olvw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003366; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ws8y3h1n1u3pu7s5tva26olvw|03|org"; nocase; ) # 1j63gw01qk81aed3i5pj1qf0qub.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003367; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j63gw01qk81aed3i5pj1qf0qub|03|org"; nocase; ) # 8yod4b167my841oume5a16bc07j.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003368; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|8yod4b167my841oume5a16bc07j|03|net"; nocase; ) # 1sck70f1yayrsqhyy0tmh3p9b.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003369; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1sck70f1yayrsqhyy0tmh3p9b|03|org"; nocase; ) # 1mni74s1rs2s4i18yynfu11rkt2y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003370; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1mni74s1rs2s4i18yynfu11rkt2y|03|net"; nocase; ) # 1rwurs21fcbeuv1peqaozvee82u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003371; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rwurs21fcbeuv1peqaozvee82u|03|com"; nocase; ) # clpyi052pcdnd89kwjnats4u.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003372; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|clpyi052pcdnd89kwjnats4u|03|biz"; nocase; ) # 1lv5e2xc4ny8k138qm1a112m0ne.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003373; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lv5e2xc4ny8k138qm1a112m0ne|03|com"; nocase; ) # g0zbc8scgs2xkkxmad17bpqb1.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003374; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g0zbc8scgs2xkkxmad17bpqb1|03|net"; nocase; ) # 21ztdt1obvor1msmxtmrlt9zv.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003375; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|21ztdt1obvor1msmxtmrlt9zv|03|com"; nocase; ) # 1evbh9k9wlapynzmptl1c8cx1t.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003376; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1evbh9k9wlapynzmptl1c8cx1t|03|org"; nocase; ) # fxsqgk1s2qqkd9pn8vm15tpxjh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003377; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fxsqgk1s2qqkd9pn8vm15tpxjh|03|org"; nocase; ) # 1k4xhkr1vbgphdyv2omfokgqzo.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003378; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1k4xhkr1vbgphdyv2omfokgqzo|03|net"; nocase; ) # 1qgl3o613xhhu11f0wvhpjtdny4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003379; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qgl3o613xhhu11f0wvhpjtdny4|03|org"; nocase; ) # 9bmxpcesliif139sqeyxwcay5.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003380; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9bmxpcesliif139sqeyxwcay5|03|com"; nocase; ) # 1f0jl1j1pr22bb1se1fdkkk57p0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003381; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f0jl1j1pr22bb1se1fdkkk57p0|03|net"; nocase; ) # ccs43x12fonea1qz7zo1bv1g8e.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003382; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ccs43x12fonea1qz7zo1bv1g8e|03|com"; nocase; ) # 1f5iyxu1plbbcjc9mrutigx4td.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003383; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1f5iyxu1plbbcjc9mrutigx4td|03|net"; nocase; ) # 1f50w5u1t25oy01yaqyhi5hkfpi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003384; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1f50w5u1t25oy01yaqyhi5hkfpi|03|com"; nocase; ) # 11pn0i6pmy7dm1lxd253it8los.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003385; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11pn0i6pmy7dm1lxd253it8los|03|biz"; nocase; ) # hn3rahwnzf0numvk5m1caj024.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003386; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hn3rahwnzf0numvk5m1caj024|03|com"; nocase; ) # 1gw1m5ke8pe1xrf7lml1g3lrgf.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003387; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1gw1m5ke8pe1xrf7lml1g3lrgf|03|com"; nocase; ) # 1nf6fco5l4fib1vw07yyf539j6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003388; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nf6fco5l4fib1vw07yyf539j6|03|net"; nocase; ) # 15c02qd990em26applv1bkxhg8.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003389; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|15c02qd990em26applv1bkxhg8|03|org"; nocase; ) # sfwnzaovm7yr1537sass4dn8k.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003390; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|sfwnzaovm7yr1537sass4dn8k|03|org"; nocase; ) # 83qimz1shmb41w0sbqy1pg9mnn.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003391; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|83qimz1shmb41w0sbqy1pg9mnn|03|org"; nocase; ) # 1t7cxb9a1ox591iq2ui959iv53.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003392; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1t7cxb9a1ox591iq2ui959iv53|03|biz"; nocase; ) # fw4y3q1sl93gj11uwp0avmx6ec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003393; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|fw4y3q1sl93gj11uwp0avmx6ec|03|com"; nocase; ) # 19pfj88xjx3s31lt297l1rdhk37.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003394; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19pfj88xjx3s31lt297l1rdhk37|03|net"; nocase; ) # g9iouo1tw0ahkehovbizl1gvm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003395; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|g9iouo1tw0ahkehovbizl1gvm|03|biz"; nocase; ) # tt62t117p2ox1k1ruol1s44w1d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003396; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|tt62t117p2ox1k1ruol1s44w1d|03|net"; nocase; ) # 129xiz768r4001r5tyy310oivy0.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003397; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|129xiz768r4001r5tyy310oivy0|03|org"; nocase; ) # r6l2j61n0hqw11sgig6w7usdw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003398; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|r6l2j61n0hqw11sgig6w7usdw|03|net"; nocase; ) # a0n428o790ro1ygving1j1g3pf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003399; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|a0n428o790ro1ygving1j1g3pf|03|biz"; nocase; ) # mi7xsm1muid8s1kp1cyzew2owo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003400; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|mi7xsm1muid8s1kp1cyzew2owo|03|com"; nocase; ) # z21xrr10x35er1dudlzfl7bc4q.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003401; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|z21xrr10x35er1dudlzfl7bc4q|03|biz"; nocase; ) # xlbzc6lfs4q85p6wymae80x2.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003402; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xlbzc6lfs4q85p6wymae80x2|03|biz"; nocase; ) # 1wb1f9xqzwwhry5pu6a1uebyuq.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003403; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1wb1f9xqzwwhry5pu6a1uebyuq|03|net"; nocase; ) # 18vyycjdmylolc2lz1z10v7sbh.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003404; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|18vyycjdmylolc2lz1z10v7sbh|03|org"; nocase; ) # b88i0l1wwuyv3enjx3h1jjhl6y.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003405; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|b88i0l1wwuyv3enjx3h1jjhl6y|03|org"; nocase; ) # 6i3fcwx8wieggnwxrd3id0kj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003406; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|6i3fcwx8wieggnwxrd3id0kj|03|net"; nocase; ) # yjhu0ipmtnqu10dyljbdau4gw.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003407; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yjhu0ipmtnqu10dyljbdau4gw|03|com"; nocase; ) # 116wdpc102jjc6t1ap231lurn13.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003408; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|116wdpc102jjc6t1ap231lurn13|03|net"; nocase; ) # 9pgiim1xanl4qyqy4lke2zz9r.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003409; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9pgiim1xanl4qyqy4lke2zz9r|03|com"; nocase; ) # om5opb3nzhvubqnd1m1fdoave.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003410; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|om5opb3nzhvubqnd1m1fdoave|03|net"; nocase; ) # 1u107saeagh2gyrjq2iomeitd.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003411; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1u107saeagh2gyrjq2iomeitd|03|biz"; nocase; ) # roqibgawvvwpat1rzx1wskk2z.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003412; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|roqibgawvvwpat1rzx1wskk2z|03|com"; nocase; ) # 178w166i1yl6r1llh9qz10kc1hw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003413; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|178w166i1yl6r1llh9qz10kc1hw|03|net"; nocase; ) # bz8p5f1q4p6aoo3h8171l8cdap.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003414; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|bz8p5f1q4p6aoo3h8171l8cdap|03|com"; nocase; ) # 1sgxocp1guoi7n1myq3hy9yvt9m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003415; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1sgxocp1guoi7n1myq3hy9yvt9m|03|net"; nocase; ) # 1rkc8l9q6bb9w1b2kbwm1xzx2ob.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003416; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1rkc8l9q6bb9w1b2kbwm1xzx2ob|03|net"; nocase; ) # 1d9qcodw2vjmgnop9lc1m6743z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003417; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1d9qcodw2vjmgnop9lc1m6743z|03|org"; nocase; ) # 9evr2i1vm84p11bggb37fqptfx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003418; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|9evr2i1vm84p11bggb37fqptfx|03|com"; nocase; ) # 1abcr8a1by2efo1q4bp7z1n6r183.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003419; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1abcr8a1by2efo1q4bp7z1n6r183|03|com"; nocase; ) # tovt7w5n1wwoztwh92cz78j.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003420; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|17|tovt7w5n1wwoztwh92cz78j|03|org"; nocase; ) # xnf1oni0ak0al7txxnwlekj6.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003421; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xnf1oni0ak0al7txxnwlekj6|03|org"; nocase; ) # 1vr0b7rw36dp0sfn3wt72w5la.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003422; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vr0b7rw36dp0sfn3wt72w5la|03|biz"; nocase; ) # 1v3oubadep330sxtx5lsraac9.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003423; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1v3oubadep330sxtx5lsraac9|03|net"; nocase; ) # 16iqobjgbzz39mgoij011nbx24.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003424; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|16iqobjgbzz39mgoij011nbx24|03|com"; nocase; ) # 2jz35jqale3ug3e6kxlbt1ou.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003425; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|2jz35jqale3ug3e6kxlbt1ou|03|com"; nocase; ) # 1kvwh981d0s1b71sgsklv1qh72gn.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003426; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1kvwh981d0s1b71sgsklv1qh72gn|03|net"; nocase; ) # xafyj1b3arda4fpaxf1elt6yi.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003427; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xafyj1b3arda4fpaxf1elt6yi|03|com"; nocase; ) # 11d7pqeb173hlmy93o91m9mgv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003428; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|11d7pqeb173hlmy93o91m9mgv1|03|com"; nocase; ) # 44uglt1szj0l9xd11mvkl6so4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003429; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|44uglt1szj0l9xd11mvkl6so4|03|org"; nocase; ) # m7kk6d1ojbhzx5o2hck1gcu263.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003430; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|m7kk6d1ojbhzx5o2hck1gcu263|03|biz"; nocase; ) # jqtr8e1oxwn0zyfnzzelugvkp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003431; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jqtr8e1oxwn0zyfnzzelugvkp|03|net"; nocase; ) # az5pxhty0saawfff87kfrah2.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003432; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|az5pxhty0saawfff87kfrah2|03|net"; nocase; ) # ax0eqdsqa7vo1i7fipz143ofhl.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003433; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ax0eqdsqa7vo1i7fipz143ofhl|03|biz"; nocase; ) # 1se5z5kqbt4rpdvc1bj50ctq4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003434; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1se5z5kqbt4rpdvc1bj50ctq4|03|org"; nocase; ) # 5bw3fj15xk9xg1jhbunm1pilx3v.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003435; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|5bw3fj15xk9xg1jhbunm1pilx3v|03|biz"; nocase; ) # 1qrbuqf1ggug7dvpy11z1vd7r12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003436; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1qrbuqf1ggug7dvpy11z1vd7r12|03|com"; nocase; ) # 1yotcco1uhs94y1d2txjseb4ggv.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003437; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1yotcco1uhs94y1d2txjseb4ggv|03|net"; nocase; ) # znjyntr7u59v1rd2apt170lp2z.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003438; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|znjyntr7u59v1rd2apt170lp2z|03|org"; nocase; ) # 1en8iql1hnv3ck10eodvs1d13p1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003439; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1en8iql1hnv3ck10eodvs1d13p1|03|com"; nocase; ) # 17oz1o8rjicuh1gf56qy12f0vm4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003440; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17oz1o8rjicuh1gf56qy12f0vm4|03|org"; nocase; ) # bhfxb6nqz0kenrzura12ozp1x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003441; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|bhfxb6nqz0kenrzura12ozp1x|03|biz"; nocase; ) # j8girh1o18g0mysczx31l31mu1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003442; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j8girh1o18g0mysczx31l31mu1|03|org"; nocase; ) # 4rrlw77azj2z1qnouw3yie333.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003443; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4rrlw77azj2z1qnouw3yie333|03|com"; nocase; ) # 1k3edfl7546zb4f5vo0i7s0u4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003444; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1k3edfl7546zb4f5vo0i7s0u4|03|org"; nocase; ) # 1kqmvbw156at1p1ew3t4ot8spv1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003445; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1kqmvbw156at1p1ew3t4ot8spv1|03|com"; nocase; ) # c21nufqh7qc1rq3mro1qqa46v.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003446; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|c21nufqh7qc1rq3mro1qqa46v|03|net"; nocase; ) # 9o8i2nhd3zyy1m9yzozgocy7x.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003447; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|9o8i2nhd3zyy1m9yzozgocy7x|03|org"; nocase; ) # oz9qajsnk4mk1ti21oq9x9mm8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003448; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|oz9qajsnk4mk1ti21oq9x9mm8|03|net"; nocase; ) # 128az2a1fznpzmh3wh8x1utc0e0.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003449; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|128az2a1fznpzmh3wh8x1utc0e0|03|biz"; nocase; ) # hx8k8r129i4es1r4296w1wo5cbm.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003450; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|hx8k8r129i4es1r4296w1wo5cbm|03|biz"; nocase; ) # b4magcyj2sm3b1llrjb6mwe7.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003451; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|b4magcyj2sm3b1llrjb6mwe7|03|org"; nocase; ) # 1cv2zs1p7um44hakb3faahy7u.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003452; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1cv2zs1p7um44hakb3faahy7u|03|com"; nocase; ) # rmindqe207ve12pgj5v194fpjf.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003453; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|rmindqe207ve12pgj5v194fpjf|03|biz"; nocase; ) # q77ucp1uyuze51wgx79nz9ta85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003454; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|q77ucp1uyuze51wgx79nz9ta85|03|net"; nocase; ) # e4lixex5ozn91ncvg7z7la2mz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003455; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e4lixex5ozn91ncvg7z7la2mz|03|biz"; nocase; ) # 136w5021517d0dcbdwt37eudr1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003456; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|136w5021517d0dcbdwt37eudr1|03|org"; nocase; ) # 1pkzaj1ax6ujw1ilrlv51vg77ei.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003457; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1pkzaj1ax6ujw1ilrlv51vg77ei|03|com"; nocase; ) # 1wux5c6apow6t6ms5jespyn33.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003458; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1wux5c6apow6t6ms5jespyn33|03|com"; nocase; ) # 1rmw1sv1kvey271v5gbs51ldfuf4.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003459; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1rmw1sv1kvey271v5gbs51ldfuf4|03|com"; nocase; ) # 1l9pqsm7exq4jzhch8u3qfs5y.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003460; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l9pqsm7exq4jzhch8u3qfs5y|03|biz"; nocase; ) # 1jj98f035kyoesoxl761gu820d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003461; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1jj98f035kyoesoxl761gu820d|03|net"; nocase; ) # 16h3rs11hum05t1t6xoel1ckrzw6.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003462; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|16h3rs11hum05t1t6xoel1ckrzw6|03|biz"; nocase; ) # fkcnoy15ut0xgoaw53g9afhlp.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003463; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|fkcnoy15ut0xgoaw53g9afhlp|03|net"; nocase; ) # tz7ueb1al1zsm1yol76i1t1yqqb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003464; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|tz7ueb1al1zsm1yol76i1t1yqqb|03|biz"; nocase; ) # 1afhsqg1derh6tpqzsmu0k5d4.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003465; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1afhsqg1derh6tpqzsmu0k5d4|03|org"; nocase; ) # i32cdvolwlf51xfjgos8ye2xg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003466; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|i32cdvolwlf51xfjgos8ye2xg|03|org"; nocase; ) # 1l0epfihmcz2nk2boi11xoszk.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003467; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1l0epfihmcz2nk2boi11xoszk|03|com"; nocase; ) # w2birpx1mpek151j1sxg288c3.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003468; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|w2birpx1mpek151j1sxg288c3|03|biz"; nocase; ) # m1rxoyfbkq8l7s2nq31vcs1vi.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003469; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|m1rxoyfbkq8l7s2nq31vcs1vi|03|net"; nocase; ) # p0czgk1i8ngj01qfe5xxlit567.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003470; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|p0czgk1i8ngj01qfe5xxlit567|03|com"; nocase; ) # 1nigjlyzh2n99j4o0ly1nykd85.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003471; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nigjlyzh2n99j4o0ly1nykd85|03|net"; nocase; ) # k3vsy61tvujyjdm7yyzh4jqbp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003472; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|k3vsy61tvujyjdm7yyzh4jqbp|03|com"; nocase; ) # 1kd6dy3c3i83bd8h5yb1hbmieu.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003473; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1kd6dy3c3i83bd8h5yb1hbmieu|03|org"; nocase; ) # 1og9e111xjqxpttzlckpz8yjoy.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003474; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1og9e111xjqxpttzlckpz8yjoy|03|org"; nocase; ) # yzqlj1wem28m1seg5grtv58ur.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003475; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|yzqlj1wem28m1seg5grtv58ur|03|org"; nocase; ) # 1pg6juhd11xdlbgqoy51lqrkp7.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003476; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pg6juhd11xdlbgqoy51lqrkp7|03|net"; nocase; ) # cj877wnfbsjs1rcajzzhwo8kh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003477; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|cj877wnfbsjs1rcajzzhwo8kh|03|net"; nocase; ) # 1jzff9umuw03io79d1q42ky2h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003478; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1jzff9umuw03io79d1q42ky2h|03|org"; nocase; ) # 1ulxwjdeilhczr9g6nw7r2gjl.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003479; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1ulxwjdeilhczr9g6nw7r2gjl|03|com"; nocase; ) # 1nce5d81nzhzxk1l5rupwl66pj1.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003480; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nce5d81nzhzxk1l5rupwl66pj1|03|org"; nocase; ) # jichll5hg5veemp2rs1otombh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003481; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|jichll5hg5veemp2rs1otombh|03|net"; nocase; ) # 1id06sdiha4801qa9ph38m3dat.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003482; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1id06sdiha4801qa9ph38m3dat|03|com"; nocase; ) # 1uvp1o31vlc2oq1crcnsa18ijamw.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003483; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1uvp1o31vlc2oq1crcnsa18ijamw|03|net"; nocase; ) # vo760f1u6cfjk99hkr3t8gjzm.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003484; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|vo760f1u6cfjk99hkr3t8gjzm|03|org"; nocase; ) # 1figsndzg0gwe3b5u5et9dlv6.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003485; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1figsndzg0gwe3b5u5et9dlv6|03|net"; nocase; ) # 1h7482710uqh5kff06ovm7s4sp.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003486; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1h7482710uqh5kff06ovm7s4sp|03|org"; nocase; ) # h7stke3c4efxv9efly1jrha64.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003487; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|h7stke3c4efxv9efly1jrha64|03|com"; nocase; ) # 4o7vwx1uw5ozs11bwxtsl03e0k.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003488; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|4o7vwx1uw5ozs11bwxtsl03e0k|03|biz"; nocase; ) # 5kqk4ivcii9gy1akiu19n6lqd.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003489; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|5kqk4ivcii9gy1akiu19n6lqd|03|com"; nocase; ) # 1t4o4921ap02lvlefjqi1v86ggg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003490; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1t4o4921ap02lvlefjqi1v86ggg|03|org"; nocase; ) # hxl1fw44ng1i13cdujdl0wb8m.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003491; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hxl1fw44ng1i13cdujdl0wb8m|03|net"; nocase; ) # gzi61xz6sqopigwniep6uur0.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003492; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|gzi61xz6sqopigwniep6uur0|03|net"; nocase; ) # x0hrqkunl94ykf9o1kew1oty.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003493; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|x0hrqkunl94ykf9o1kew1oty|03|biz"; nocase; ) # 1st9i5l15ca348vliybk1qvvwiq.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003494; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1st9i5l15ca348vliybk1qvvwiq|03|org"; nocase; ) # np5x161q9rezc1wgyox0188gem9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003495; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|np5x161q9rezc1wgyox0188gem9|03|biz"; nocase; ) # 1pddgj6qq4gwue3bwps1rdos3d.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003496; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1pddgj6qq4gwue3bwps1rdos3d|03|net"; nocase; ) # jhph3i1crtg3x1uqj73t343zvx.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003497; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|jhph3i1crtg3x1uqj73t343zvx|03|biz"; nocase; ) # hbusdnnk92kf1el0950t9y1s.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003498; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|hbusdnnk92kf1el0950t9y1s|03|biz"; nocase; ) # 1qfcog48s19wd1lkrfzp90alch.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003499; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1qfcog48s19wd1lkrfzp90alch|03|net"; nocase; ) # 48td34jw7pvuuspa5a1rlbjim.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003500; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|48td34jw7pvuuspa5a1rlbjim|03|org"; nocase; ) # 17tbtjhlmueyg18uwqcq1gtycpz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003501; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|17tbtjhlmueyg18uwqcq1gtycpz|03|net"; nocase; ) # 1mwyn4etkfjrh12r2c1q1y3f4k1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003502; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1mwyn4etkfjrh12r2c1q1y3f4k1|03|com"; nocase; ) # 1j87ble1difme9cspwmd1bu19jr.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003503; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1j87ble1difme9cspwmd1bu19jr|03|net"; nocase; ) # 14znx2ecnwr2h4574q71p2rv8f.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003504; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|14znx2ecnwr2h4574q71p2rv8f|03|com"; nocase; ) # 1knskl16walu912iew4v1whr0ki.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003505; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1knskl16walu912iew4v1whr0ki|03|net"; nocase; ) # e3y7uuhtexg91s0bz4d2tm3ak.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003506; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|e3y7uuhtexg91s0bz4d2tm3ak|03|net"; nocase; ) # 184okd91kp1j756602273raz5m.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003507; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|184okd91kp1j756602273raz5m|03|com"; nocase; ) # 6sqoa6ypc12f22zbik10t03pl.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003508; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|6sqoa6ypc12f22zbik10t03pl|03|net"; nocase; ) # dzxbx71kdlu1v4pm5jg1xx4t9.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003509; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dzxbx71kdlu1v4pm5jg1xx4t9|03|com"; nocase; ) # 1nbo1sby8zwf817zr82pvck55g.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003510; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1nbo1sby8zwf817zr82pvck55g|03|biz"; nocase; ) # tgvx2a9ogtco18xr5ncxvxi00.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003511; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|tgvx2a9ogtco18xr5ncxvxi00|03|org"; nocase; ) # i1cmky1v1qv6di802vb18ypecy.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003512; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|i1cmky1v1qv6di802vb18ypecy|03|biz"; nocase; ) # 1v8mr01bubx2e16a1hvl12599h8.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003513; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1v8mr01bubx2e16a1hvl12599h8|03|com"; nocase; ) # yt8o3c1907yqlyn2juin1beg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003514; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|yt8o3c1907yqlyn2juin1beg|03|org"; nocase; ) # 1ald0171pgvr1x1q0p6hzw6q1ni.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003515; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1ald0171pgvr1x1q0p6hzw6q1ni|03|biz"; nocase; ) # xpqcnnagu0ksw5disb15ubqlo.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003516; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|xpqcnnagu0ksw5disb15ubqlo|03|biz"; nocase; ) # 1gnvqqt7ig5i8lk00n3tpc8nb.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003517; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1gnvqqt7ig5i8lk00n3tpc8nb|03|com"; nocase; ) # 1yjketj1kc8l7g15wdrc11qd2zbo.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003518; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1yjketj1kc8l7g15wdrc11qd2zbo|03|com"; nocase; ) # ru1o4c19v5jsd1bzt4ven79x6h.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003519; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ru1o4c19v5jsd1bzt4ven79x6h|03|org"; nocase; ) # 15d0bat1qg7bzu1ngo33b1tu6gqh.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003520; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|15d0bat1qg7bzu1ngo33b1tu6gqh|03|com"; nocase; ) # 1lo2ifcag0l28115mcqo11avcce.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003521; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1lo2ifcag0l28115mcqo11avcce|03|biz"; nocase; ) # 13q3js4sgo7481tsjetpw5wpec.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003522; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|13q3js4sgo7481tsjetpw5wpec|03|com"; nocase; ) # xsdlqa1m3g2868vygnp8cojh.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003523; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|xsdlqa1m3g2868vygnp8cojh|03|net"; nocase; ) # 5l84mp1nbe2qk1p8r7kixuhbcx.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003524; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5l84mp1nbe2qk1p8r7kixuhbcx|03|org"; nocase; ) # 8q4om1uqnhc7fp6rnvqt0isz.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003525; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|8q4om1uqnhc7fp6rnvqt0isz|03|net"; nocase; ) # vifg7w1wmmhii1nzvbr81vsbdb1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003526; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|vifg7w1wmmhii1nzvbr81vsbdb1|03|com"; nocase; ) # dfi7rw1c8n5zxuax8hgbm6722.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003527; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dfi7rw1c8n5zxuax8hgbm6722|03|net"; nocase; ) # 1kkol9ch66v2rc4fa86pq9t4a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003528; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1kkol9ch66v2rc4fa86pq9t4a|03|net"; nocase; ) # 1p8n5vc1bbrrv77vrzamepii12.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003529; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1p8n5vc1bbrrv77vrzamepii12|03|com"; nocase; ) # 1xmr49q5bye27101ittk15zfkvu.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003530; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1xmr49q5bye27101ittk15zfkvu|03|net"; nocase; ) # n1520vtn3h161xps6qj3erooz.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003531; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|n1520vtn3h161xps6qj3erooz|03|biz"; nocase; ) # hbfndk1rp6o4oc40hy5oeuwan.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003532; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|hbfndk1rp6o4oc40hy5oeuwan|03|org"; nocase; ) # 1x94h5t1by8i151ig91c018qi7u5.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003533; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1x94h5t1by8i151ig91c018qi7u5|03|org"; nocase; ) # 4sms6xfatnehf393cl1peukkg.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003534; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|4sms6xfatnehf393cl1peukkg|03|com"; nocase; ) # 1bd56spy32n8jeovrruzkdcs1.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003535; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1bd56spy32n8jeovrruzkdcs1|03|com"; nocase; ) # 79wber1r22fhziw8l2c4p2smt.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003536; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|79wber1r22fhziw8l2c4p2smt|03|biz"; nocase; ) # 10o678v1t5jh6k1tzf2s5mqqvk1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003537; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|10o678v1t5jh6k1tzf2s5mqqvk1|03|biz"; nocase; ) # j3qe09t8lfk71hlco2w1328foj.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003538; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|j3qe09t8lfk71hlco2w1328foj|03|net"; nocase; ) # yf684a15wx3ym2xs46x1kxz4ns.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003539; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|yf684a15wx3ym2xs46x1kxz4ns|03|com"; nocase; ) # 46xm7rswt2cy703khwbfom0s.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003540; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|46xm7rswt2cy703khwbfom0s|03|org"; nocase; ) # ha7i4q1i2en2b13kx2e4ac1w0y.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003541; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|ha7i4q1i2en2b13kx2e4ac1w0y|03|net"; nocase; ) # fq0p3s68wpnyooyx92qc280o.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003542; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|fq0p3s68wpnyooyx92qc280o|03|net"; nocase; ) # 1juxvul1y25wyn1xlm8ap1mz468x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003543; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1c|1juxvul1y25wyn1xlm8ap1mz468x|03|net"; nocase; ) # hhd2lc1vvxl01uipv0s14ej5l2.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003544; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|hhd2lc1vvxl01uipv0s14ej5l2|03|org"; nocase; ) # 1ybsu7n1nx1elvo4rd76m9em8p.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003545; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1ybsu7n1nx1elvo4rd76m9em8p|03|net"; nocase; ) # dfq23zn0rbww1493rcdf798ip.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003546; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|dfq23zn0rbww1493rcdf798ip|03|net"; nocase; ) # 1nn3svi6fxjw11wic0uu1mar0zw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003547; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1nn3svi6fxjw11wic0uu1mar0zw|03|org"; nocase; ) # 1bttdi27zw8xj1wvci4b1adp49x.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003548; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1bttdi27zw8xj1wvci4b1adp49x|03|biz"; nocase; ) # e1osfw1b6fzq81mewxbq11x26dp.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003549; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|e1osfw1b6fzq81mewxbq11x26dp|03|biz"; nocase; ) # zo3oah17bsf37h8i7vi103hvxk.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003550; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|zo3oah17bsf37h8i7vi103hvxk|03|net"; nocase; ) # 1mm0sbi7c5lu21poxlhb4z50xx.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003551; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1mm0sbi7c5lu21poxlhb4z50xx|03|com"; nocase; ) # 1otmnfp1b92rs71ovysoxb7haa8.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003552; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1otmnfp1b92rs71ovysoxb7haa8|03|net"; nocase; ) # 1vnmwa667vdceepxgp7z3w9c8.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003553; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|1vnmwa667vdceepxgp7z3w9c8|03|biz"; nocase; ) # 1lr28cz1easo1kun4zs1nwuykb.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003554; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|1lr28cz1easo1kun4zs1nwuykb|03|biz"; nocase; ) # 19lf08b1lpe1kh1xes9k5chlduw.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003555; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|19lf08b1lpe1kh1xes9k5chlduw|03|org"; nocase; ) # z2fit81n23anuxrux77chv5zp.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003556; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|19|z2fit81n23anuxrux77chv5zp|03|com"; nocase; ) # 36omfw1misf6952d18314bedh9.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003557; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|36omfw1misf6952d18314bedh9|03|biz"; nocase; ) # 7jyiy412zjx1w1t4h7hy173ph3i.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003558; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|7jyiy412zjx1w1t4h7hy173ph3i|03|com"; nocase; ) # gv70wp1lzirca1rfwigmcnp35a.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003559; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|gv70wp1lzirca1rfwigmcnp35a|03|net"; nocase; ) # 1683e43hzqe4v18h08y5174x5xy.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003560; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1683e43hzqe4v18h08y5174x5xy|03|net"; nocase; ) # 5lmyhp141yur3p3i5qn15ub7hg.org [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003561; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1a|5lmyhp141yur3p3i5qn15ub7hg|03|org"; nocase; ) # 1gobufn1o02gfe1wxytxoup2pt1.biz [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003562; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1gobufn1o02gfe1wxytxoup2pt1|03|biz"; nocase; ) # d5rgd2gb6p5dnbiuu015c2bs.com [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003563; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|18|d5rgd2gb6p5dnbiuu015c2bs|03|com"; nocase; ) # 1he7huqoioilw1r3sls31muel6x.net [domain-only (dns) rule] alert udp any any -> any 53 ( msg:"green - botnet"; threshold:type limit,track by_src,count 1,seconds 3600; sid:4000003564; reference:url,osint.bambenekconsulting.com/manual/ptgoz.txt; priority:1; content:"|1b|1he7huqoioilw1r3sls31muel6x|03|net"; nocase; ) # 8eskh5dkeirj534hvgnpousn.net [domain-only (dns) rule] alert udp any