################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset # # Last updated: 2019-03-14 14:24:27 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [181.57.193.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.193.10/; sid:900520998; rev:1;) alert tcp $HOME_NET any -> [70.57.82.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.82.196/; sid:900521001; rev:1;) alert tcp $HOME_NET any -> [80.115.91.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.115.91.222/; sid:900521002; rev:1;) alert tcp $HOME_NET any -> [50.80.248.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.80.248.108/; sid:900521000; rev:1;) alert tcp $HOME_NET any -> [190.146.214.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.214.85/; sid:900520994; rev:1;) alert tcp $HOME_NET any -> [190.15.198.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.198.47/; sid:900520996; rev:1;) alert tcp $HOME_NET any -> [186.3.188.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.188.74/; sid:900520991; rev:1;) alert tcp $HOME_NET any -> [190.117.206.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.206.153/; sid:900520993; rev:1;) alert tcp $HOME_NET any -> [190.146.86.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.86.180/; sid:900520995; rev:1;) alert tcp $HOME_NET any -> [187.207.188.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.188.248/; sid:900520992; rev:1;) alert tcp $HOME_NET any -> [82.78.228.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.228.57/; sid:900520997; rev:1;) alert tcp $HOME_NET any -> [67.248.56.82] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.248.56.82/; sid:900520984; rev:1;) alert tcp $HOME_NET any -> [201.239.154.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.239.154.191/; sid:900520981; rev:1;) alert tcp $HOME_NET any -> [64.46.91.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.46.91.165/; sid:900520982; rev:1;) alert tcp $HOME_NET any -> [64.9.43.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.9.43.60/; sid:900520983; rev:1;) alert tcp $HOME_NET any -> [71.182.128.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.182.128.166/; sid:900520985; rev:1;) alert tcp $HOME_NET any -> [76.168.149.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.168.149.66/; sid:900520986; rev:1;) alert tcp $HOME_NET any -> [189.209.217.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.209.217.49/; sid:900520979; rev:1;) alert tcp $HOME_NET any -> [160.3.238.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.3.238.131/; sid:900520987; rev:1;) alert tcp $HOME_NET any -> [190.97.219.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.219.241/; sid:900520980; rev:1;) alert tcp $HOME_NET any -> [181.40.122.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.40.122.122/; sid:900521005; rev:1;) alert tcp $HOME_NET any -> [139.59.19.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.19.157/; sid:900520975; rev:1;) alert tcp $HOME_NET any -> [181.228.211.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.211.100/; sid:900520978; rev:1;) alert tcp $HOME_NET any -> [152.171.65.137] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.171.65.137/; sid:900520976; rev:1;) alert tcp $HOME_NET any -> [181.198.203.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.203.150/; sid:900520977; rev:1;) alert tcp $HOME_NET any -> [185.94.252.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.3/; sid:900520973; rev:1;) alert tcp $HOME_NET any -> [108.188.116.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.188.116.179/; sid:900520972; rev:1;) alert tcp $HOME_NET any -> [200.50.185.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.185.54/; sid:900520990; rev:1;) alert tcp $HOME_NET any -> [24.243.101.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.101.134/; sid:900520974; rev:1;) alert tcp $HOME_NET any -> [187.233.152.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.152.78/; sid:900520999; rev:1;) alert tcp $HOME_NET any -> [41.220.119.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.220.119.246/; sid:900521003; rev:1;) alert tcp $HOME_NET any -> [62.217.133.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.217.133.100/; sid:900520989; rev:1;) alert tcp $HOME_NET any -> [70.184.97.144] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.97.144/; sid:900520966; rev:1;) alert tcp $HOME_NET any -> [190.210.3.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.3.93/; sid:900520965; rev:1;) alert tcp $HOME_NET any -> [71.11.157.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.11.157.249/; sid:900520967; rev:1;) alert tcp $HOME_NET any -> [50.246.45.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.246.45.249/; sid:900520964; rev:1;) alert tcp $HOME_NET any -> [181.197.2.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.2.252/; sid:900520963; rev:1;) alert tcp $HOME_NET any -> [182.180.92.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.92.102/; sid:900520968; rev:1;) alert tcp $HOME_NET any -> [94.183.129.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.129.173/; sid:900520969; rev:1;) alert tcp $HOME_NET any -> [67.209.208.130] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.208.130/; sid:900520960; rev:1;) alert tcp $HOME_NET any -> [187.189.195.208] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.195.208/; sid:900520962; rev:1;) alert tcp $HOME_NET any -> [86.239.117.57] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.239.117.57/; sid:900520961; rev:1;) alert tcp $HOME_NET any -> [64.87.26.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.87.26.17/; sid:900520959; rev:1;) alert tcp $HOME_NET any -> [103.39.131.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.39.131.88/; sid:900520957; rev:1;) alert tcp $HOME_NET any -> [45.36.20.17] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.20.17/; sid:900520958; rev:1;) alert tcp $HOME_NET any -> [187.188.83.52] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.83.52/; sid:900520948; rev:1;) alert tcp $HOME_NET any -> [186.179.80.99] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.80.99/; sid:900520947; rev:1;) alert tcp $HOME_NET any -> [70.15.236.247] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.15.236.247/; sid:900520955; rev:1;) alert tcp $HOME_NET any -> [58.171.215.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.215.214/; sid:900520954; rev:1;) alert tcp $HOME_NET any -> [69.2.162.139] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.2.162.139/; sid:900520952; rev:1;) alert tcp $HOME_NET any -> [174.56.47.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.56.47.59/; sid:900520946; rev:1;) alert tcp $HOME_NET any -> [213.107.110.253] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.107.110.253/; sid:900520943; rev:1;) alert tcp $HOME_NET any -> [105.224.170.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.170.35/; sid:900520953; rev:1;) alert tcp $HOME_NET any -> [186.15.83.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.83.52/; sid:900520944; rev:1;) alert tcp $HOME_NET any -> [190.92.48.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.48.253/; sid:900520942; rev:1;) alert tcp $HOME_NET any -> [190.85.38.226] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.38.226/; sid:900520941; rev:1;) alert tcp $HOME_NET any -> [201.253.238.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.253.238.50/; sid:900520956; rev:1;) alert tcp $HOME_NET any -> [190.193.141.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.141.52/; sid:900520945; rev:1;) alert tcp $HOME_NET any -> [201.192.156.113] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.156.113/; sid:900520949; rev:1;) alert tcp $HOME_NET any -> [89.211.193.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.193.18/; sid:900520939; rev:1;) alert tcp $HOME_NET any -> [70.28.22.105] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.22.105/; sid:900520937; rev:1;) alert tcp $HOME_NET any -> [181.61.221.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.221.146/; sid:900520936; rev:1;) alert tcp $HOME_NET any -> [70.57.24.230] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.24.230/; sid:900520938; rev:1;) alert tcp $HOME_NET any -> [178.78.64.80] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.78.64.80/; sid:900520935; rev:1;) alert tcp $HOME_NET any -> [175.107.228.236] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.228.236/; sid:900520931; rev:1;) alert tcp $HOME_NET any -> [85.104.59.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.59.244/; sid:900520934; rev:1;) alert tcp $HOME_NET any -> [206.53.93.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.53.93.6/; sid:900520933; rev:1;) alert tcp $HOME_NET any -> [187.176.44.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.44.226/; sid:900520932; rev:1;) alert tcp $HOME_NET any -> [62.151.17.5] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.151.17.5/; sid:900520930; rev:1;) alert tcp $HOME_NET any -> [189.151.39.229] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.151.39.229/; sid:900520922; rev:1;) alert tcp $HOME_NET any -> [200.51.94.251] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.51.94.251/; sid:900520923; rev:1;) alert tcp $HOME_NET any -> [186.177.30.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.30.6/; sid:900520921; rev:1;) alert tcp $HOME_NET any -> [24.234.249.226] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.249.226/; sid:900520925; rev:1;) alert tcp $HOME_NET any -> [205.209.247.11] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.209.247.11/; sid:900520924; rev:1;) alert tcp $HOME_NET any -> [190.108.216.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.216.107/; sid:900520928; rev:1;) alert tcp $HOME_NET any -> [75.104.218.201] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.104.218.201/; sid:900520909; rev:1;) alert tcp $HOME_NET any -> [187.209.46.240] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.209.46.240/; sid:900520917; rev:1;) alert tcp $HOME_NET any -> [189.141.175.53] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.175.53/; sid:900520902; rev:1;) alert tcp $HOME_NET any -> [94.200.157.250] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.157.250/; sid:900520903; rev:1;) alert tcp $HOME_NET any -> [201.220.83.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.83.133/; sid:900520916; rev:1;) alert tcp $HOME_NET any -> [187.142.0.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.142.0.234/; sid:900520910; rev:1;) alert tcp $HOME_NET any -> [177.242.51.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.51.8/; sid:900520914; rev:1;) alert tcp $HOME_NET any -> [182.184.72.199] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.184.72.199/; sid:900520901; rev:1;) alert tcp $HOME_NET any -> [200.55.136.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.55.136.2/; sid:900520904; rev:1;) alert tcp $HOME_NET any -> [186.43.207.22] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.43.207.22/; sid:900520908; rev:1;) alert tcp $HOME_NET any -> [190.46.30.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.46.30.14/; sid:900520906; rev:1;) alert tcp $HOME_NET any -> [186.113.255.229] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.255.229/; sid:900520907; rev:1;) alert tcp $HOME_NET any -> [181.209.169.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.209.169.123/; sid:900520915; rev:1;) alert tcp $HOME_NET any -> [40.134.64.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.64.58/; sid:900520911; rev:1;) alert tcp $HOME_NET any -> [186.86.199.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.199.79/; sid:900520912; rev:1;) alert tcp $HOME_NET any -> [199.36.199.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.36.199.104/; sid:900520913; rev:1;) alert tcp $HOME_NET any -> [189.153.60.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.153.60.187/; sid:900520919; rev:1;) alert tcp $HOME_NET any -> [41.57.104.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.57.104.182/; sid:900520926; rev:1;) alert tcp $HOME_NET any -> [110.93.230.101] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.93.230.101/; sid:900520892; rev:1;) alert tcp $HOME_NET any -> [118.32.221.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.32.221.23/; sid:900520889; rev:1;) alert tcp $HOME_NET any -> [78.188.105.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.105.159/; sid:900520895; rev:1;) alert tcp $HOME_NET any -> [74.56.155.43] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.56.155.43/; sid:900520884; rev:1;) alert tcp $HOME_NET any -> [59.103.164.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.103.164.174/; sid:900520896; rev:1;) alert tcp $HOME_NET any -> [103.53.44.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.53.44.20/; sid:900520894; rev:1;) alert tcp $HOME_NET any -> [103.107.27.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.27.129/; sid:900520890; rev:1;) alert tcp $HOME_NET any -> [41.87.168.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.87.168.158/; sid:900520893; rev:1;) alert tcp $HOME_NET any -> [217.165.127.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.127.223/; sid:900520905; rev:1;) alert tcp $HOME_NET any -> [42.115.105.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.115.105.246/; sid:900520897; rev:1;) alert tcp $HOME_NET any -> [186.23.186.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.186.99/; sid:900520878; rev:1;) alert tcp $HOME_NET any -> [189.188.140.179] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.188.140.179/; sid:900520879; rev:1;) alert tcp $HOME_NET any -> [85.105.205.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.205.77/; sid:900520885; rev:1;) alert tcp $HOME_NET any -> [201.184.224.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.224.178/; sid:900520881; rev:1;) alert tcp $HOME_NET any -> [201.251.12.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.12.153/; sid:900520883; rev:1;) alert tcp $HOME_NET any -> [201.213.72.74] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.72.74/; sid:900520882; rev:1;) alert tcp $HOME_NET any -> [143.0.245.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.245.169/; sid:900520877; rev:1;) alert tcp $HOME_NET any -> [190.111.215.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.111.215.2/; sid:900520880; rev:1;) alert tcp $HOME_NET any -> [213.191.168.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.191.168.93/; sid:900520971; rev:1;) alert tcp $HOME_NET any -> [88.225.223.211] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.223.211/; sid:900521004; rev:1;) alert tcp $HOME_NET any -> [190.117.51.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.51.248/; sid:900520918; rev:1;) alert tcp $HOME_NET any -> [95.44.198.249] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.44.198.249/; sid:900520886; rev:1;) alert tcp $HOME_NET any -> [23.240.26.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.240.26.210/; sid:900520940; rev:1;) alert tcp $HOME_NET any -> [181.16.4.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.4.180/; sid:900520900; rev:1;) alert tcp $HOME_NET any -> [190.117.202.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.202.39/; sid:900520865; rev:1;) alert tcp $HOME_NET any -> [201.233.19.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.233.19.23/; sid:900520868; rev:1;) alert tcp $HOME_NET any -> [181.140.37.228] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.140.37.228/; sid:900520864; rev:1;) alert tcp $HOME_NET any -> [209.217.209.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.217.209.214/; sid:900520869; rev:1;) alert tcp $HOME_NET any -> [181.175.60.255] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.60.255/; sid:900520875; rev:1;) alert tcp $HOME_NET any -> [190.47.158.127] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.158.127/; sid:900520866; rev:1;) alert tcp $HOME_NET any -> [201.231.209.16] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.209.16/; sid:900520867; rev:1;) alert tcp $HOME_NET any -> [216.8.171.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.171.214/; sid:900520870; rev:1;) alert tcp $HOME_NET any -> [60.254.45.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.254.45.78/; sid:900520871; rev:1;) alert tcp $HOME_NET any -> [75.149.91.249] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.149.91.249/; sid:900520872; rev:1;) alert tcp $HOME_NET any -> [96.20.94.194] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.94.194/; sid:900520873; rev:1;) alert tcp $HOME_NET any -> [117.218.17.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.218.17.6/; sid:900520874; rev:1;) alert tcp $HOME_NET any -> [200.116.70.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.70.135/; sid:900520888; rev:1;) alert tcp $HOME_NET any -> [152.168.211.207] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.211.207/; sid:900520863; rev:1;) alert tcp $HOME_NET any -> [98.144.73.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.73.193/; sid:900520898; rev:1;) alert tcp $HOME_NET any -> [190.77.126.30] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.77.126.30/; sid:900520887; rev:1;) alert tcp $HOME_NET any -> [103.224.157.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.157.244/; sid:900520891; rev:1;) alert tcp $HOME_NET any -> [24.61.139.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.61.139.70/; sid:900520920; rev:1;) alert tcp $HOME_NET any -> [190.131.155.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.155.107/; sid:900520855; rev:1;) alert tcp $HOME_NET any -> [87.75.117.133] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.75.117.133/; sid:900520857; rev:1;) alert tcp $HOME_NET any -> [85.164.23.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.164.23.34/; sid:900520856; rev:1;) alert tcp $HOME_NET any -> [116.58.22.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.58.22.75/; sid:900520853; rev:1;) alert tcp $HOME_NET any -> [200.125.28.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.28.214/; sid:900520859; rev:1;) alert tcp $HOME_NET any -> [192.250.16.124] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.250.16.124/; sid:900520858; rev:1;) alert tcp $HOME_NET any -> [187.163.222.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.222.244/; sid:900520862; rev:1;) alert tcp $HOME_NET any -> [2.50.177.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.177.244/; sid:900520860; rev:1;) alert tcp $HOME_NET any -> [186.71.61.92] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.92/; sid:900520854; rev:1;) alert tcp $HOME_NET any -> [104.220.134.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.220.134.222/; sid:900520848; rev:1;) alert tcp $HOME_NET any -> [181.61.253.171] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.253.171/; sid:900520850; rev:1;) alert tcp $HOME_NET any -> [104.33.204.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.33.204.83/; sid:900520899; rev:1;) alert tcp $HOME_NET any -> [108.58.73.115] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.58.73.115/; sid:900520852; rev:1;) alert tcp $HOME_NET any -> [96.64.59.185] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.64.59.185/; sid:900520841; rev:1;) alert tcp $HOME_NET any -> [96.56.206.155] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.206.155/; sid:900520840; rev:1;) alert tcp $HOME_NET any -> [47.50.17.78] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.50.17.78/; sid:900520845; rev:1;) alert tcp $HOME_NET any -> [72.132.106.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.132.106.183/; sid:900520842; rev:1;) alert tcp $HOME_NET any -> [73.185.67.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.185.67.141/; sid:900520839; rev:1;) alert tcp $HOME_NET any -> [70.118.9.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.9.166/; sid:900520847; rev:1;) alert tcp $HOME_NET any -> [70.45.30.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.30.28/; sid:900520838; rev:1;) alert tcp $HOME_NET any -> [216.81.19.67] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.81.19.67/; sid:900520837; rev:1;) alert tcp $HOME_NET any -> [154.72.75.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.72.75.82/; sid:900520830; rev:1;) alert tcp $HOME_NET any -> [71.91.161.118] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.91.161.118/; sid:900520832; rev:1;) alert tcp $HOME_NET any -> [182.76.6.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.76.6.2/; sid:900520876; rev:1;) alert tcp $HOME_NET any -> [46.197.87.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.197.87.227/; sid:900520833; rev:1;) alert tcp $HOME_NET any -> [213.119.28.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.119.28.126/; sid:900520834; rev:1;) alert tcp $HOME_NET any -> [190.220.33.82] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.33.82/; sid:900520829; rev:1;) alert tcp $HOME_NET any -> [66.228.228.211] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.228.211/; sid:900520828; rev:1;) alert tcp $HOME_NET any -> [190.144.66.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.66.30/; sid:900520822; rev:1;) alert tcp $HOME_NET any -> [189.208.239.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.239.98/; sid:900520821; rev:1;) alert tcp $HOME_NET any -> [186.138.205.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.205.189/; sid:900520818; rev:1;) alert tcp $HOME_NET any -> [173.248.147.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.248.147.186/; sid:900520816; rev:1;) alert tcp $HOME_NET any -> [184.161.177.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.161.177.223/; sid:900520817; rev:1;) alert tcp $HOME_NET any -> [186.96.198.72] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.198.72/; sid:900520819; rev:1;) alert tcp $HOME_NET any -> [70.28.3.120] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.3.120/; sid:900520825; rev:1;) alert tcp $HOME_NET any -> [201.220.140.190] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.140.190/; sid:900520824; rev:1;) alert tcp $HOME_NET any -> [190.171.105.158] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.105.158/; sid:900520823; rev:1;) alert tcp $HOME_NET any -> [187.201.31.46] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.201.31.46/; sid:900520820; rev:1;) alert tcp $HOME_NET any -> [85.105.215.241] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.215.241/; sid:900520826; rev:1;) alert tcp $HOME_NET any -> [104.200.80.44] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.200.80.44/; sid:900520811; rev:1;) alert tcp $HOME_NET any -> [108.190.34.69] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.34.69/; sid:900520806; rev:1;) alert tcp $HOME_NET any -> [107.13.149.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.13.149.212/; sid:900520805; rev:1;) alert tcp $HOME_NET any -> [208.82.45.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.82.45.8/; sid:900520803; rev:1;) alert tcp $HOME_NET any -> [208.107.52.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.107.52.29/; sid:900520802; rev:1;) alert tcp $HOME_NET any -> [189.225.165.11] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.165.11/; sid:900520801; rev:1;) alert tcp $HOME_NET any -> [190.40.100.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.40.100.7/; sid:900520812; rev:1;) alert tcp $HOME_NET any -> [66.57.212.114] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.57.212.114/; sid:900520846; rev:1;) alert tcp $HOME_NET any -> [64.17.83.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.17.83.46/; sid:900520815; rev:1;) alert tcp $HOME_NET any -> [108.16.93.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.16.93.238/; sid:900520793; rev:1;) alert tcp $HOME_NET any -> [54.36.119.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.119.105/; sid:900520796; rev:1;) alert tcp $HOME_NET any -> [187.137.106.175] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.106.175/; sid:900520795; rev:1;) alert tcp $HOME_NET any -> [184.188.136.215] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.188.136.215/; sid:900520800; rev:1;) alert tcp $HOME_NET any -> [75.132.60.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.132.60.192/; sid:900520797; rev:1;) alert tcp $HOME_NET any -> [201.143.123.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.123.254/; sid:900520813; rev:1;) alert tcp $HOME_NET any -> [190.180.44.175] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.44.175/; sid:900520814; rev:1;) alert tcp $HOME_NET any -> [181.168.123.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.123.241/; sid:900520844; rev:1;) alert tcp $HOME_NET any -> [189.252.59.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.59.243/; sid:900520810; rev:1;) alert tcp $HOME_NET any -> [173.167.83.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.167.83.97/; sid:900520794; rev:1;) alert tcp $HOME_NET any -> [201.137.254.209] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.254.209/; sid:900520783; rev:1;) alert tcp $HOME_NET any -> [201.137.255.80] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.255.80/; sid:900520784; rev:1;) alert tcp $HOME_NET any -> [47.204.55.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.204.55.229/; sid:900520789; rev:1;) alert tcp $HOME_NET any -> [110.36.217.66] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.217.66/; sid:900520786; rev:1;) alert tcp $HOME_NET any -> [65.29.214.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.29.214.70/; sid:900520792; rev:1;) alert tcp $HOME_NET any -> [75.99.239.150] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.239.150/; sid:900520799; rev:1;) alert tcp $HOME_NET any -> [72.137.188.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.137.188.42/; sid:900520790; rev:1;) alert tcp $HOME_NET any -> [190.194.4.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.4.221/; sid:900520787; rev:1;) alert tcp $HOME_NET any -> [24.201.132.122] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.201.132.122/; sid:900520785; rev:1;) alert tcp $HOME_NET any -> [187.153.90.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.90.98/; sid:900520781; rev:1;) alert tcp $HOME_NET any -> [187.138.90.97] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.138.90.97/; sid:900520780; rev:1;) alert tcp $HOME_NET any -> [173.8.8.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.8.8.73/; sid:900520861; rev:1;) alert tcp $HOME_NET any -> [73.115.132.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.115.132.124/; sid:900520843; rev:1;) alert tcp $HOME_NET any -> [189.130.56.200] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.130.56.200/; sid:900520782; rev:1;) alert tcp $HOME_NET any -> [24.219.3.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.219.3.156/; sid:900520775; rev:1;) alert tcp $HOME_NET any -> [186.103.141.250] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.103.141.250/; sid:900520772; rev:1;) alert tcp $HOME_NET any -> [74.59.106.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.59.106.11/; sid:900520777; rev:1;) alert tcp $HOME_NET any -> [41.60.202.26] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.60.202.26/; sid:900520776; rev:1;) alert tcp $HOME_NET any -> [186.176.27.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.27.230/; sid:900520774; rev:1;) alert tcp $HOME_NET any -> [186.137.133.132] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.133.132/; sid:900520773; rev:1;) alert tcp $HOME_NET any -> [78.188.44.240] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.44.240/; sid:900520763; rev:1;) alert tcp $HOME_NET any -> [166.78.243.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.78.243.43/; sid:900520771; rev:1;) alert tcp $HOME_NET any -> [189.131.93.44] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.93.44/; sid:900520756; rev:1;) alert tcp $HOME_NET any -> [96.47.92.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.47.92.60/; sid:900520759; rev:1;) alert tcp $HOME_NET any -> [190.34.215.74] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.34.215.74/; sid:900520754; rev:1;) alert tcp $HOME_NET any -> [179.62.226.22] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.226.22/; sid:900520753; rev:1;) alert tcp $HOME_NET any -> [71.42.166.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.42.166.139/; sid:900520752; rev:1;) alert tcp $HOME_NET any -> [173.68.169.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.68.169.16/; sid:900520738; rev:1;) alert tcp $HOME_NET any -> [186.10.76.19] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.76.19/; sid:900520740; rev:1;) alert tcp $HOME_NET any -> [201.184.67.10] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.67.10/; sid:900520735; rev:1;) alert tcp $HOME_NET any -> [210.79.77.131] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.79.77.131/; sid:900520736; rev:1;) alert tcp $HOME_NET any -> [186.42.119.26] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.119.26/; sid:900520741; rev:1;) alert tcp $HOME_NET any -> [70.123.237.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.123.237.77/; sid:900520733; rev:1;) alert tcp $HOME_NET any -> [173.63.66.10] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.63.66.10/; sid:900520732; rev:1;) alert tcp $HOME_NET any -> [79.75.233.224] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.75.233.224/; sid:900520730; rev:1;) alert tcp $HOME_NET any -> [147.135.210.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.135.210.39/; sid:900520778; rev:1;) alert tcp $HOME_NET any -> [183.87.87.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.87.73/; sid:900520791; rev:1;) alert tcp $HOME_NET any -> [167.114.210.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.210.191/; sid:900520779; rev:1;) alert tcp $HOME_NET any -> [179.62.48.123] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.48.123/; sid:900520721; rev:1;) alert tcp $HOME_NET any -> [70.118.28.174] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.28.174/; sid:900520719; rev:1;) alert tcp $HOME_NET any -> [50.198.42.246] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.198.42.246/; sid:900520714; rev:1;) alert tcp $HOME_NET any -> [86.98.217.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.217.63/; sid:900520750; rev:1;) alert tcp $HOME_NET any -> [181.119.30.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.36/; sid:900520712; rev:1;) alert tcp $HOME_NET any -> [216.255.17.231] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.255.17.231/; sid:900520713; rev:1;) alert tcp $HOME_NET any -> [186.10.243.34] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.243.34/; sid:900520700; rev:1;) alert tcp $HOME_NET any -> [187.148.77.84] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.77.84/; sid:900520701; rev:1;) alert tcp $HOME_NET any -> [189.166.103.82] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.103.82/; sid:900520702; rev:1;) alert tcp $HOME_NET any -> [64.228.72.40] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.228.72.40/; sid:900520686; rev:1;) alert tcp $HOME_NET any -> [72.84.179.218] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.84.179.218/; sid:900520689; rev:1;) alert tcp $HOME_NET any -> [68.195.129.139] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.195.129.139/; sid:900520687; rev:1;) alert tcp $HOME_NET any -> [24.243.160.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.160.247/; sid:900520691; rev:1;) alert tcp $HOME_NET any -> [66.193.130.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.193.130.13/; sid:900520692; rev:1;) alert tcp $HOME_NET any -> [70.116.68.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.116.68.186/; sid:900520693; rev:1;) alert tcp $HOME_NET any -> [191.92.83.137] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.83.137/; sid:900520685; rev:1;) alert tcp $HOME_NET any -> [194.154.80.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.154.80.106/; sid:900520703; rev:1;) alert tcp $HOME_NET any -> [201.204.44.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.204.44.101/; sid:900520705; rev:1;) alert tcp $HOME_NET any -> [70.177.115.200] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.177.115.200/; sid:900520710; rev:1;) alert tcp $HOME_NET any -> [70.114.194.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.114.194.228/; sid:900520709; rev:1;) alert tcp $HOME_NET any -> [172.98.243.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.98.243.40/; sid:900520684; rev:1;) alert tcp $HOME_NET any -> [107.10.49.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.10.49.252/; sid:900520683; rev:1;) alert tcp $HOME_NET any -> [24.151.31.150] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.151.31.150/; sid:900520694; rev:1;) alert tcp $HOME_NET any -> [90.63.245.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.63.245.70/; sid:900520677; rev:1;) alert tcp $HOME_NET any -> [192.92.6.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.92.6.125/; sid:900520668; rev:1;) alert tcp $HOME_NET any -> [24.123.39.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.39.18/; sid:900520695; rev:1;) alert tcp $HOME_NET any -> [24.185.185.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.185.185.187/; sid:900520670; rev:1;) alert tcp $HOME_NET any -> [24.243.123.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.123.25/; sid:900520682; rev:1;) alert tcp $HOME_NET any -> [58.252.57.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.252.57.205/; sid:900520671; rev:1;) alert tcp $HOME_NET any -> [70.115.70.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.115.70.154/; sid:900520688; rev:1;) alert tcp $HOME_NET any -> [181.29.214.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.214.233/; sid:900520698; rev:1;) alert tcp $HOME_NET any -> [96.20.172.107] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.172.107/; sid:900520751; rev:1;) alert tcp $HOME_NET any -> [123.168.4.66] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.168.4.66/; sid:900520696; rev:1;) alert tcp $HOME_NET any -> [172.248.21.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.248.21.6/; sid:900520769; rev:1;) alert tcp $HOME_NET any -> [173.21.116.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.116.239/; sid:900520666; rev:1;) alert tcp $HOME_NET any -> [187.198.33.171] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.33.171/; sid:900520667; rev:1;) alert tcp $HOME_NET any -> [73.194.61.246] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.194.61.246/; sid:900520674; rev:1;) alert tcp $HOME_NET any -> [186.68.100.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.100.2/; sid:900520742; rev:1;) alert tcp $HOME_NET any -> [190.154.155.34] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.155.34/; sid:900520734; rev:1;) alert tcp $HOME_NET any -> [190.92.58.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.58.150/; sid:900520745; rev:1;) alert tcp $HOME_NET any -> [173.94.53.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.94.53.3/; sid:900520697; rev:1;) alert tcp $HOME_NET any -> [74.62.89.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.62.89.170/; sid:900520748; rev:1;) alert tcp $HOME_NET any -> [69.198.17.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.198.17.7/; sid:900520927; rev:1;) alert tcp $HOME_NET any -> [23.233.240.77] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.233.240.77/; sid:900520708; rev:1;) alert tcp $HOME_NET any -> [189.147.12.211] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.12.211/; sid:900520717; rev:1;) alert tcp $HOME_NET any -> [71.41.68.158] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.41.68.158/; sid:900520690; rev:1;) alert tcp $HOME_NET any -> [212.83.51.248] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.83.51.248/; sid:900520707; rev:1;) alert tcp $HOME_NET any -> [201.212.113.14] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.113.14/; sid:900520676; rev:1;) alert tcp $HOME_NET any -> [190.117.226.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.226.104/; sid:900520744; rev:1;) alert tcp $HOME_NET any -> [168.226.35.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.226.35.218/; sid:900520724; rev:1;) alert tcp $HOME_NET any -> [190.85.8.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.8.155/; sid:900520718; rev:1;) alert tcp $HOME_NET any -> [64.19.74.49] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.19.74.49/; sid:900520715; rev:1;) alert tcp $HOME_NET any -> [24.153.169.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.153.169.62/; sid:900520669; rev:1;) alert tcp $HOME_NET any -> [173.255.250.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.250.241/; sid:900520770; rev:1;) alert tcp $HOME_NET any -> [201.164.251.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.164.251.76/; sid:900520788; rev:1;) alert tcp $HOME_NET any -> [208.180.246.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.246.147/; sid:900520747; rev:1;) alert tcp $HOME_NET any -> [209.159.244.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.159.244.240/; sid:900520706; rev:1;) alert tcp $HOME_NET any -> [74.45.170.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.45.170.110/; sid:900520679; rev:1;) alert tcp $HOME_NET any -> [73.186.92.178] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.186.92.178/; sid:900520673; rev:1;) alert tcp $HOME_NET any -> [201.122.94.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.122.94.84/; sid:900520704; rev:1;) alert tcp $HOME_NET any -> [181.56.165.97] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.56.165.97/; sid:900520699; rev:1;) alert tcp $HOME_NET any -> [189.173.176.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.176.115/; sid:900520681; rev:1;) alert tcp $HOME_NET any -> [51.255.50.164] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.50.164/; sid:900520675; rev:1;) alert tcp $HOME_NET any -> [192.163.199.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.199.254/; sid:900520678; rev:1;) alert tcp $HOME_NET any -> [133.242.164.31] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.242.164.31/; sid:900520665; rev:1;) alert tcp $HOME_NET any -> [153.121.36.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.121.36.202/; sid:900520629; rev:1;) alert tcp $HOME_NET any -> [89.211.147.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.147.250/; sid:900520548; rev:1;) alert tcp $HOME_NET any -> [207.167.7.141] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.167.7.141/; sid:900520544; rev:1;) alert tcp $HOME_NET any -> [206.248.110.184] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.248.110.184/; sid:900520545; rev:1;) alert tcp $HOME_NET any -> [189.253.39.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.39.50/; sid:900520534; rev:1;) alert tcp $HOME_NET any -> [50.31.0.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.31.0.160/; sid:900520486; rev:1;) alert tcp $HOME_NET any -> [208.78.100.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.100.202/; sid:900520428; rev:1;) alert tcp $HOME_NET any -> [45.63.17.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.17.206/; sid:900520432; rev:1;) alert tcp $HOME_NET any -> [72.47.248.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.248.48/; sid:900520435; rev:1;) alert tcp $HOME_NET any -> [62.75.191.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.191.231/; sid:900520316; rev:1;) alert tcp $HOME_NET any -> [69.163.33.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.163.33.82/; sid:900520296; rev:1;) alert tcp $HOME_NET any -> [182.180.170.72] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.170.72/; sid:900520573; rev:1;) alert tcp $HOME_NET any -> [23.254.203.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.254.203.51/; sid:900520627; rev:1;) alert tcp $HOME_NET any -> [5.9.128.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.128.163/; sid:900520661; rev:1;) alert tcp $HOME_NET any -> [78.186.175.183] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.175.183/; sid:900520138; rev:1;) alert tcp $HOME_NET any -> [103.9.226.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.226.57/; sid:900520050; rev:1;) alert tcp $HOME_NET any -> [27.72.113.79] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.113.79/; sid:900520951; rev:1;) alert tcp $HOME_NET any -> [201.220.152.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.152.101/; sid:900520988; rev:1;) alert tcp $HOME_NET any -> [211.63.34.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.63.34.183/; sid:900520950; rev:1;) alert tcp $HOME_NET any -> [5.230.147.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.230.147.179/; sid:900520970; rev:1;) alert tcp $HOME_NET any -> [186.4.234.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.234.27/; sid:900520929; rev:1;) alert tcp $HOME_NET any -> [45.123.3.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.123.3.54/; sid:900518658; rev:1;) alert tcp $HOME_NET any -> [222.214.218.192] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.214.218.192/; sid:900518682; rev:1;) alert tcp $HOME_NET any -> [192.155.90.90] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.155.90.90/; sid:900520154; rev:1;) alert tcp $HOME_NET any -> [70.167.72.96] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.167.72.96/; sid:900520662; rev:1;) alert tcp $HOME_NET any -> [72.46.213.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.46.213.222/; sid:900507243; rev:1;) alert tcp $HOME_NET any -> [201.183.153.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.153.243/; sid:900507194; rev:1;) alert tcp $HOME_NET any -> [93.103.89.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.103.89.117/; sid:900507210; rev:1;) alert tcp $HOME_NET any -> [24.253.16.214] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.253.16.214/; sid:900507173; rev:1;) alert tcp $HOME_NET any -> [24.40.230.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.40.230.254/; sid:900507167; rev:1;) alert tcp $HOME_NET any -> [157.7.164.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.164.23/; sid:900507166; rev:1;) alert tcp $HOME_NET any -> [24.98.3.183] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.98.3.183/; sid:900507168; rev:1;) alert tcp $HOME_NET any -> [118.41.9.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.41.9.171/; sid:900507156; rev:1;) alert tcp $HOME_NET any -> [199.38.204.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.38.204.218/; sid:900507157; rev:1;) alert tcp $HOME_NET any -> [50.125.99.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.125.99.70/; sid:900507158; rev:1;) alert tcp $HOME_NET any -> [189.250.174.245] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.174.245/; sid:900507154; rev:1;) alert tcp $HOME_NET any -> [24.90.102.247] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.90.102.247/; sid:900507153; rev:1;) alert tcp $HOME_NET any -> [213.79.36.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.79.36.67/; sid:900507152; rev:1;) alert tcp $HOME_NET any -> [201.142.170.69] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.170.69/; sid:900507147; rev:1;) alert tcp $HOME_NET any -> [24.194.235.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.194.235.193/; sid:900507150; rev:1;) alert tcp $HOME_NET any -> [118.174.151.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.174.151.25/; sid:900507149; rev:1;) alert tcp $HOME_NET any -> [67.251.11.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.251.11.28/; sid:900507143; rev:1;) alert tcp $HOME_NET any -> [173.70.36.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.70.36.136/; sid:900507146; rev:1;) alert tcp $HOME_NET any -> [78.102.51.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.102.51.229/; sid:900519733; rev:1;) alert tcp $HOME_NET any -> [174.106.101.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.106.101.58/; sid:900507128; rev:1;) alert tcp $HOME_NET any -> [199.119.78.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.119.78.19/; sid:900507113; rev:1;) alert tcp $HOME_NET any -> [194.150.118.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.150.118.8/; sid:900507119; rev:1;) alert tcp $HOME_NET any -> [212.129.56.179] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.56.179/; sid:900507082; rev:1;) alert tcp $HOME_NET any -> [73.52.173.117] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.52.173.117/; sid:900507077; rev:1;) alert tcp $HOME_NET any -> [95.141.175.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.141.175.240/; sid:900519752; rev:1;) alert tcp $HOME_NET any -> [199.0.205.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.0.205.131/; sid:900507066; rev:1;) alert tcp $HOME_NET any -> [108.170.54.171] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.54.171/; sid:900506999; rev:1;) alert tcp $HOME_NET any -> [71.244.60.231] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.244.60.231/; sid:900506785; rev:1;) alert tcp $HOME_NET any -> [173.212.192.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.192.45/; sid:900506699; rev:1;) alert tcp $HOME_NET any -> [194.88.246.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.88.246.242/; sid:900506657; rev:1;) alert tcp $HOME_NET any -> [178.254.33.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.33.12/; sid:900506609; rev:1;) alert tcp $HOME_NET any -> [94.199.242.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.199.242.92/; sid:900506617; rev:1;) alert tcp $HOME_NET any -> [74.208.155.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.155.175/; sid:900506602; rev:1;) alert tcp $HOME_NET any -> [51.255.58.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.58.18/; sid:900506599; rev:1;) alert tcp $HOME_NET any -> [74.50.52.130] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.50.52.130/; sid:900506598; rev:1;) alert tcp $HOME_NET any -> [5.45.108.249] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.45.108.249/; sid:900506595; rev:1;) alert tcp $HOME_NET any -> [108.59.253.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.59.253.38/; sid:900506588; rev:1;) alert tcp $HOME_NET any -> [164.132.50.32] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.50.32/; sid:900506538; rev:1;) alert tcp $HOME_NET any -> [192.81.212.79] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.81.212.79/; sid:900506537; rev:1;) alert tcp $HOME_NET any -> [74.208.17.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.17.10/; sid:900506524; rev:1;) alert tcp $HOME_NET any -> [109.74.204.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.74.204.70/; sid:900506415; rev:1;) alert tcp $HOME_NET any -> [104.236.2.253] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.2.253/; sid:900506384; rev:1;) alert tcp $HOME_NET any -> [194.88.246.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.88.246.7/; sid:900506383; rev:1;) alert tcp $HOME_NET any -> [119.82.27.246] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.82.27.246/; sid:900506382; rev:1;) alert tcp $HOME_NET any -> [85.143.221.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.221.180/; sid:900506381; rev:1;) alert tcp $HOME_NET any -> [212.83.166.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.83.166.45/; sid:900506375; rev:1;) # END (367) entries