################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive) # # Last updated: 2019-10-12 19:12:23 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [194.5.250.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.94/; sid:900622460; rev:1;) alert tcp $HOME_NET any -> [46.21.153.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.17/; sid:900622458; rev:1;) alert tcp $HOME_NET any -> [31.202.132.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.155/; sid:900622457; rev:1;) alert tcp $HOME_NET any -> [85.143.218.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.203/; sid:900622456; rev:1;) alert tcp $HOME_NET any -> [212.80.216.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.58/; sid:900622455; rev:1;) alert tcp $HOME_NET any -> [78.24.217.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.217.84/; sid:900622453; rev:1;) alert tcp $HOME_NET any -> [81.177.26.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.26.27/; sid:900622454; rev:1;) alert tcp $HOME_NET any -> [199.195.254.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.254.138/; sid:900622452; rev:1;) alert tcp $HOME_NET any -> [68.183.170.114] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.170.114/; sid:901094185; rev:1;) alert tcp $HOME_NET any -> [192.81.213.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.81.213.192/; sid:901094143; rev:1;) alert tcp $HOME_NET any -> [133.167.80.63] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.167.80.63/; sid:901094132; rev:1;) alert tcp $HOME_NET any -> [24.45.195.162] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.45.195.162/; sid:901094128; rev:1;) alert tcp $HOME_NET any -> [201.184.105.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.105.242/; sid:901094127; rev:1;) alert tcp $HOME_NET any -> [188.137.81.201] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.137.81.201/; sid:900622451; rev:1;) alert tcp $HOME_NET any -> [82.196.15.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.196.15.205/; sid:901091527; rev:1;) alert tcp $HOME_NET any -> [216.98.148.181] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.181/; sid:901091497; rev:1;) alert tcp $HOME_NET any -> [91.83.93.105] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.105/; sid:901091496; rev:1;) alert tcp $HOME_NET any -> [198.199.114.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.114.69/; sid:901091465; rev:1;) alert tcp $HOME_NET any -> [23.239.29.211] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.29.211/; sid:901091464; rev:1;) alert tcp $HOME_NET any -> [189.253.27.123] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.27.123/; sid:901091463; rev:1;) alert tcp $HOME_NET any -> [203.99.188.203] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.188.203/; sid:901091454; rev:1;) alert tcp $HOME_NET any -> [181.47.235.26] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.47.235.26/; sid:901091443; rev:1;) alert tcp $HOME_NET any -> [216.75.37.196] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.75.37.196/; sid:901091441; rev:1;) alert tcp $HOME_NET any -> [144.76.62.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.62.10/; sid:901091434; rev:1;) alert tcp $HOME_NET any -> [213.138.100.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.138.100.98/; sid:901091433; rev:1;) alert tcp $HOME_NET any -> [70.32.94.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.94.58/; sid:901091432; rev:1;) alert tcp $HOME_NET any -> [185.244.150.142] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.150.142/; sid:900622434; rev:1;) alert tcp $HOME_NET any -> [81.190.160.139] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.190.160.139/; sid:900622432; rev:1;) alert tcp $HOME_NET any -> [45.80.148.30] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.148.30/; sid:900622431; rev:1;) alert tcp $HOME_NET any -> [45.142.213.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.213.58/; sid:900622430; rev:1;) alert tcp $HOME_NET any -> [85.11.116.194] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.11.116.194/; sid:900622429; rev:1;) alert tcp $HOME_NET any -> [185.164.32.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.113/; sid:900622428; rev:1;) alert tcp $HOME_NET any -> [45.66.11.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.11.116/; sid:900622427; rev:1;) alert tcp $HOME_NET any -> [94.156.144.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.144.3/; sid:900622424; rev:1;) alert tcp $HOME_NET any -> [89.25.238.170] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.25.238.170/; sid:900622423; rev:1;) alert tcp $HOME_NET any -> [185.79.243.37] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.79.243.37/; sid:900622420; rev:1;) alert tcp $HOME_NET any -> [46.21.153.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.5/; sid:900622421; rev:1;) alert tcp $HOME_NET any -> [185.251.38.165] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.165/; sid:900622422; rev:1;) alert tcp $HOME_NET any -> [185.222.202.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.223/; sid:900622418; rev:1;) alert tcp $HOME_NET any -> [198.98.51.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.83/; sid:900622419; rev:1;) alert tcp $HOME_NET any -> [185.14.31.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.109/; sid:900622417; rev:1;) alert tcp $HOME_NET any -> [92.242.40.148] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.242.40.148/; sid:900622426; rev:1;) alert tcp $HOME_NET any -> [194.5.250.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.83/; sid:900622425; rev:1;) alert tcp $HOME_NET any -> [23.94.233.194] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.233.194/; sid:900622416; rev:1;) alert tcp $HOME_NET any -> [31.214.138.207] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.214.138.207/; sid:900622433; rev:1;) alert tcp $HOME_NET any -> [195.123.247.99] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.247.99/; sid:900622436; rev:1;) alert tcp $HOME_NET any -> [195.123.220.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.88/; sid:900622415; rev:1;) alert tcp $HOME_NET any -> [5.185.67.137] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.185.67.137/; sid:900622446; rev:1;) alert tcp $HOME_NET any -> [104.244.76.156] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.244.76.156/; sid:900622412; rev:1;) alert tcp $HOME_NET any -> [192.241.220.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.220.183/; sid:901078100; rev:1;) alert tcp $HOME_NET any -> [91.109.5.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.109.5.28/; sid:901078089; rev:1;) alert tcp $HOME_NET any -> [173.249.157.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.157.58/; sid:901078088; rev:1;) alert tcp $HOME_NET any -> [107.172.248.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.248.84/; sid:900622410; rev:1;) alert tcp $HOME_NET any -> [185.142.99.61] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.61/; sid:900622409; rev:1;) alert tcp $HOME_NET any -> [5.1.86.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.86.195/; sid:901077451; rev:1;) alert tcp $HOME_NET any -> [68.183.190.199] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.190.199/; sid:901077449; rev:1;) alert tcp $HOME_NET any -> [69.162.169.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.162.169.173/; sid:901077448; rev:1;) alert tcp $HOME_NET any -> [38.132.99.147] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.132.99.147/; sid:900622405; rev:1;) alert tcp $HOME_NET any -> [194.5.250.89] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.89/; sid:900622403; rev:1;) alert tcp $HOME_NET any -> [66.55.71.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.106/; sid:900622404; rev:1;) alert tcp $HOME_NET any -> [212.22.75.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.94/; sid:900622402; rev:1;) alert tcp $HOME_NET any -> [198.24.134.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.24.134.7/; sid:900622406; rev:1;) alert tcp $HOME_NET any -> [94.192.225.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.192.225.46/; sid:901076526; rev:1;) alert tcp $HOME_NET any -> [209.141.58.175] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.58.175/; sid:900622399; rev:1;) alert tcp $HOME_NET any -> [93.123.73.40] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.123.73.40/; sid:900622398; rev:1;) alert tcp $HOME_NET any -> [195.123.239.16] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.16/; sid:900622397; rev:1;) alert tcp $HOME_NET any -> [194.5.250.87] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.87/; sid:900622395; rev:1;) alert tcp $HOME_NET any -> [23.95.227.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.227.178/; sid:900622394; rev:1;) alert tcp $HOME_NET any -> [152.89.236.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.236.214/; sid:901056274; rev:1;) alert tcp $HOME_NET any -> [78.189.94.99] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.94.99/; sid:901055292; rev:1;) alert tcp $HOME_NET any -> [27.4.80.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.4.80.183/; sid:901055217; rev:1;) alert tcp $HOME_NET any -> [172.105.11.15] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.11.15/; sid:901055210; rev:1;) alert tcp $HOME_NET any -> [182.188.39.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.188.39.68/; sid:901055109; rev:1;) alert tcp $HOME_NET any -> [46.101.212.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.212.195/; sid:901055084; rev:1;) alert tcp $HOME_NET any -> [68.169.49.14] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.169.49.14/; sid:901055083; rev:1;) alert tcp $HOME_NET any -> [103.31.232.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.31.232.93/; sid:901055082; rev:1;) alert tcp $HOME_NET any -> [185.222.202.193] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.193/; sid:900622386; rev:1;) alert tcp $HOME_NET any -> [5.61.35.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.61.35.158/; sid:900622384; rev:1;) alert tcp $HOME_NET any -> [15.201.133.244] 49300 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.201.133.244/; sid:901051053; rev:1;) alert tcp $HOME_NET any -> [64.139.0.139] 50164 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.139.0.139/; sid:901051049; rev:1;) alert tcp $HOME_NET any -> [144.144.195.91] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.91/; sid:901051046; rev:1;) alert tcp $HOME_NET any -> [41.218.116.192] 33752 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.218.116.192/; sid:901051045; rev:1;) alert tcp $HOME_NET any -> [81.232.36.4] 65515 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.232.36.4/; sid:901051044; rev:1;) alert tcp $HOME_NET any -> [36.76.137.201] 260 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.76.137.201/; sid:901051043; rev:1;) alert tcp $HOME_NET any -> [84.137.194.41] 2084 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.137.194.41/; sid:901051042; rev:1;) alert tcp $HOME_NET any -> [114.208.57.244] 47115 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.208.57.244/; sid:901051040; rev:1;) alert tcp $HOME_NET any -> [32.36.84.139] 6795 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.36.84.139/; sid:901051039; rev:1;) alert tcp $HOME_NET any -> [195.16.196.131] 33619 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.16.196.131/; sid:901051037; rev:1;) alert tcp $HOME_NET any -> [4.36.68.137] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.68.137/; sid:901051035; rev:1;) alert tcp $HOME_NET any -> [139.16.236.131] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.16.236.131/; sid:901051033; rev:1;) alert tcp $HOME_NET any -> [91.8.196.131] 24414 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.8.196.131/; sid:901051032; rev:1;) alert tcp $HOME_NET any -> [76.56.193.146] 1828 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.56.193.146/; sid:901051031; rev:1;) alert tcp $HOME_NET any -> [151.15.166.243] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.15.166.243/; sid:901051030; rev:1;) alert tcp $HOME_NET any -> [237.57.71.32] 56969 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/237.57.71.32/; sid:901051029; rev:1;) alert tcp $HOME_NET any -> [117.255.75.58] 35819 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.75.58/; sid:901051028; rev:1;) alert tcp $HOME_NET any -> [67.66.208.137] 1081 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.66.208.137/; sid:901051027; rev:1;) alert tcp $HOME_NET any -> [211.1.1.80] 60237 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.1.1.80/; sid:901051026; rev:1;) alert tcp $HOME_NET any -> [68.139.4.36] 6180 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.139.4.36/; sid:901050993; rev:1;) alert tcp $HOME_NET any -> [68.137.32.36] 2084 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.137.32.36/; sid:901050992; rev:1;) alert tcp $HOME_NET any -> [76.137.73.209] 3108 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.137.73.209/; sid:901050991; rev:1;) alert tcp $HOME_NET any -> [28.36.84.139] 55177 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.36.84.139/; sid:901050990; rev:1;) alert tcp $HOME_NET any -> [144.195.192.148] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.192.148/; sid:901050988; rev:1;) alert tcp $HOME_NET any -> [72.139.0.139] 34292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.139.0.139/; sid:901050987; rev:1;) alert tcp $HOME_NET any -> [144.0.4.194] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.0.4.194/; sid:901050986; rev:1;) alert tcp $HOME_NET any -> [8.36.84.139] 4747 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.84.139/; sid:901050985; rev:1;) alert tcp $HOME_NET any -> [144.195.0.139] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.0.139/; sid:901050984; rev:1;) alert tcp $HOME_NET any -> [144.144.195.244] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.244/; sid:901050983; rev:1;) alert tcp $HOME_NET any -> [16.137.18.139] 1218 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.137.18.139/; sid:901050981; rev:1;) alert tcp $HOME_NET any -> [4.36.68.139] 21643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.68.139/; sid:901050980; rev:1;) alert tcp $HOME_NET any -> [24.196.131.216] 50011 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.196.131.216/; sid:901050979; rev:1;) alert tcp $HOME_NET any -> [133.255.255.235] 29888 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.255.255.235/; sid:901050978; rev:1;) alert tcp $HOME_NET any -> [137.216.1.4] 9220 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.216.1.4/; sid:901050977; rev:1;) alert tcp $HOME_NET any -> [190.15.8.36] 35273 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.8.36/; sid:901050976; rev:1;) alert tcp $HOME_NET any -> [144.195.91.24] 49705 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.91.24/; sid:901050975; rev:1;) alert tcp $HOME_NET any -> [83.139.26.139] 14836 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.139.26.139/; sid:901050974; rev:1;) alert tcp $HOME_NET any -> [36.36.76.138] 21643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.36.76.138/; sid:901050973; rev:1;) alert tcp $HOME_NET any -> [24.236.131.83] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.236.131.83/; sid:901050972; rev:1;) alert tcp $HOME_NET any -> [20.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.36.68.139/; sid:901050971; rev:1;) alert tcp $HOME_NET any -> [139.24.36.68] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.24.36.68/; sid:901050968; rev:1;) alert tcp $HOME_NET any -> [94.198.139.246] 35679 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.198.139.246/; sid:901050851; rev:1;) alert tcp $HOME_NET any -> [180.235.218.117] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.235.218.117/; sid:901050782; rev:1;) alert tcp $HOME_NET any -> [131.194.117.192] 749 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.194.117.192/; sid:901050781; rev:1;) alert tcp $HOME_NET any -> [25.232.36.4] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/25.232.36.4/; sid:901050780; rev:1;) alert tcp $HOME_NET any -> [139.4.36.68] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.4.36.68/; sid:901050779; rev:1;) alert tcp $HOME_NET any -> [15.8.36.124] 1207 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.8.36.124/; sid:901050778; rev:1;) alert tcp $HOME_NET any -> [8.36.124.137] 46863 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.124.137/; sid:901050777; rev:1;) alert tcp $HOME_NET any -> [131.80.20.141] 511 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.80.20.141/; sid:901050776; rev:1;) alert tcp $HOME_NET any -> [139.0.0.13] 35587 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.0.0.13/; sid:901050775; rev:1;) alert tcp $HOME_NET any -> [137.4.36.116] 9244 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.4.36.116/; sid:901050774; rev:1;) alert tcp $HOME_NET any -> [133.252.72.139] 32457 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.252.72.139/; sid:901050773; rev:1;) alert tcp $HOME_NET any -> [59.23.52.141] 63600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.23.52.141/; sid:901050772; rev:1;) alert tcp $HOME_NET any -> [209.41.31.255] 53049 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.41.31.255/; sid:901050771; rev:1;) alert tcp $HOME_NET any -> [80.139.3.139] 47604 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.139.3.139/; sid:901050770; rev:1;) alert tcp $HOME_NET any -> [93.95.94.91] 36291 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.94.91/; sid:901050769; rev:1;) alert tcp $HOME_NET any -> [137.13.117.255] 33752 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.13.117.255/; sid:901050768; rev:1;) alert tcp $HOME_NET any -> [139.52.36.124] 9324 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.52.36.124/; sid:901050767; rev:1;) alert tcp $HOME_NET any -> [139.28.236.131] 9308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.28.236.131/; sid:901050766; rev:1;) alert tcp $HOME_NET any -> [144.144.144.255] 3049 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.144.255/; sid:901050764; rev:1;) alert tcp $HOME_NET any -> [235.10.137.102] 51160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.10.137.102/; sid:901050763; rev:1;) alert tcp $HOME_NET any -> [150.235.199.137] 35686 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.235.199.137/; sid:901050762; rev:1;) alert tcp $HOME_NET any -> [94.91.28.196] 23903 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.91.28.196/; sid:901050761; rev:1;) alert tcp $HOME_NET any -> [139.255.255.217] 50947 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.255.217/; sid:901050760; rev:1;) alert tcp $HOME_NET any -> [137.4.36.108] 9236 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.4.36.108/; sid:901050759; rev:1;) alert tcp $HOME_NET any -> [137.49.116.1] 9340 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.49.116.1/; sid:901050758; rev:1;) alert tcp $HOME_NET any -> [141.106.44.141] 18452 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.106.44.141/; sid:901050757; rev:1;) alert tcp $HOME_NET any -> [139.16.139.52] 35587 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.16.139.52/; sid:901050756; rev:1;) alert tcp $HOME_NET any -> [36.116.137.23] 35076 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.116.137.23/; sid:901050755; rev:1;) alert tcp $HOME_NET any -> [131.6.119.248] 64632 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.6.119.248/; sid:901050754; rev:1;) alert tcp $HOME_NET any -> [141.244.72.139] 3892 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.244.72.139/; sid:901050753; rev:1;) alert tcp $HOME_NET any -> [121.119.253.57] 61225 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.119.253.57/; sid:901050752; rev:1;) alert tcp $HOME_NET any -> [139.52.36.76] 35601 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.52.36.76/; sid:901050751; rev:1;) alert tcp $HOME_NET any -> [36.68.183.15] 35080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.183.15/; sid:901050750; rev:1;) alert tcp $HOME_NET any -> [32.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.36.68.139/; sid:901050749; rev:1;) alert tcp $HOME_NET any -> [8.36.84.137] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.84.137/; sid:901050748; rev:1;) alert tcp $HOME_NET any -> [12.36.84.137] 21643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.36.84.137/; sid:901050747; rev:1;) alert tcp $HOME_NET any -> [139.36.36.68] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.36.36.68/; sid:901050746; rev:1;) alert tcp $HOME_NET any -> [144.144.195.93] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.93/; sid:901050745; rev:1;) alert tcp $HOME_NET any -> [196.131.216.137] 23324 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.216.137/; sid:901050744; rev:1;) alert tcp $HOME_NET any -> [187.217.114.244] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.217.114.244/; sid:901050743; rev:1;) alert tcp $HOME_NET any -> [131.7.139.67] 710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.7.139.67/; sid:901050742; rev:1;) alert tcp $HOME_NET any -> [52.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.36.68.139/; sid:901050741; rev:1;) alert tcp $HOME_NET any -> [48.4.183.15] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/48.4.183.15/; sid:901050740; rev:1;) alert tcp $HOME_NET any -> [133.60.36.108] 29933 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.60.36.108/; sid:901050739; rev:1;) alert tcp $HOME_NET any -> [139.48.36.124] 9308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.48.36.124/; sid:901050738; rev:1;) alert tcp $HOME_NET any -> [83.86.87.85] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.86.87.85/; sid:901050737; rev:1;) alert tcp $HOME_NET any -> [91.24.196.131] 37059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.24.196.131/; sid:901050736; rev:1;) alert tcp $HOME_NET any -> [4.36.92.137] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.92.137/; sid:901050734; rev:1;) alert tcp $HOME_NET any -> [40.36.68.139] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.36.68.139/; sid:901050733; rev:1;) alert tcp $HOME_NET any -> [36.36.92.139] 7305 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.36.92.139/; sid:901050732; rev:1;) alert tcp $HOME_NET any -> [144.144.0.0] 33619 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.0.0/; sid:901050731; rev:1;) alert tcp $HOME_NET any -> [36.68.137.8] 59656 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.137.8/; sid:901050730; rev:1;) alert tcp $HOME_NET any -> [195.28.196.131] 46863 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.28.196.131/; sid:901050729; rev:1;) alert tcp $HOME_NET any -> [232.36.4.137] 65396 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.36.4.137/; sid:901050728; rev:1;) alert tcp $HOME_NET any -> [201.199.93.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.199.93.30/; sid:901050712; rev:1;) alert tcp $HOME_NET any -> [79.129.0.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.0.173/; sid:901050708; rev:1;) alert tcp $HOME_NET any -> [187.150.150.127] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.150.150.127/; sid:901050704; rev:1;) alert tcp $HOME_NET any -> [81.213.215.216] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.215.216/; sid:901050703; rev:1;) alert tcp $HOME_NET any -> [4.36.84.137] 3209 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.84.137/; sid:901050664; rev:1;) alert tcp $HOME_NET any -> [44.116.1.255] 31881 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/44.116.1.255/; sid:901050663; rev:1;) alert tcp $HOME_NET any -> [62.109.0.169] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.0.169/; sid:900622381; rev:1;) alert tcp $HOME_NET any -> [91.121.116.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.116.137/; sid:901050599; rev:1;) alert tcp $HOME_NET any -> [148.251.185.185] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.185/; sid:900622380; rev:1;) alert tcp $HOME_NET any -> [194.36.189.168] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.168/; sid:900622382; rev:1;) alert tcp $HOME_NET any -> [46.30.42.63] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.42.63/; sid:900622378; rev:1;) alert tcp $HOME_NET any -> [103.75.118.176] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.118.176/; sid:900622377; rev:1;) alert tcp $HOME_NET any -> [212.112.113.235] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.112.113.235/; sid:901050278; rev:1;) alert tcp $HOME_NET any -> [203.99.182.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.182.135/; sid:901050274; rev:1;) alert tcp $HOME_NET any -> [95.216.207.86] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.216.207.86/; sid:901050258; rev:1;) alert tcp $HOME_NET any -> [186.139.205.130] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.139.205.130/; sid:901050254; rev:1;) alert tcp $HOME_NET any -> [108.166.188.146] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.166.188.146/; sid:901050248; rev:1;) alert tcp $HOME_NET any -> [116.203.117.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.117.76/; sid:901050247; rev:1;) alert tcp $HOME_NET any -> [212.80.218.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.218.133/; sid:900622373; rev:1;) alert tcp $HOME_NET any -> [187.177.154.167] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.154.167/; sid:901049795; rev:1;) alert tcp $HOME_NET any -> [190.85.152.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.152.186/; sid:901049045; rev:1;) alert tcp $HOME_NET any -> [189.136.50.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.136.50.227/; sid:901049032; rev:1;) alert tcp $HOME_NET any -> [186.1.41.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.1.41.111/; sid:901049031; rev:1;) alert tcp $HOME_NET any -> [196.149.141.232] 65534 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.149.141.232/; sid:901049030; rev:1;) alert tcp $HOME_NET any -> [171.198.232.240] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.198.232.240/; sid:901049029; rev:1;) alert tcp $HOME_NET any -> [139.211.139.32] 61517 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.211.139.32/; sid:901049028; rev:1;) alert tcp $HOME_NET any -> [100.0.64.244] 12543 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.0.64.244/; sid:901049027; rev:1;) alert tcp $HOME_NET any -> [51.236.69.137] 21952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.236.69.137/; sid:901049026; rev:1;) alert tcp $HOME_NET any -> [232.0.64.98] 46492 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.0.64.98/; sid:901049025; rev:1;) alert tcp $HOME_NET any -> [32.137.100.48] 104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.137.100.48/; sid:901049024; rev:1;) alert tcp $HOME_NET any -> [137.0.1.47] 61509 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.0.1.47/; sid:901049023; rev:1;) alert tcp $HOME_NET any -> [94.56.161.1] 64 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.56.161.1/; sid:901049022; rev:1;) alert tcp $HOME_NET any -> [56.161.1.178] 16478 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.161.1.178/; sid:901049021; rev:1;) alert tcp $HOME_NET any -> [233.0.0.2] 299 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.0.0.2/; sid:901049020; rev:1;) alert tcp $HOME_NET any -> [139.200.85.139] 64581 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.200.85.139/; sid:901049019; rev:1;) alert tcp $HOME_NET any -> [232.211.139.200] 18960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.211.139.200/; sid:901049018; rev:1;) alert tcp $HOME_NET any -> [192.132.0.0] 6773 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.132.0.0/; sid:901049017; rev:1;) alert tcp $HOME_NET any -> [69.141.80.0] 35788 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.141.80.0/; sid:901049016; rev:1;) alert tcp $HOME_NET any -> [228.69.141.37] 33768 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/228.69.141.37/; sid:901049015; rev:1;) alert tcp $HOME_NET any -> [1.6.59.232] 33792 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.6.59.232/; sid:901049014; rev:1;) alert tcp $HOME_NET any -> [85.141.32.137] 26360 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.141.32.137/; sid:901049013; rev:1;) alert tcp $HOME_NET any -> [173.232.252.69] 65517 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.232.252.69/; sid:901049012; rev:1;) alert tcp $HOME_NET any -> [220.117.255.220] 30207 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.117.255.220/; sid:901049011; rev:1;) alert tcp $HOME_NET any -> [137.0.1.74] 55365 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.0.1.74/; sid:901049010; rev:1;) alert tcp $HOME_NET any -> [125.232.252.69] 4 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.232.252.69/; sid:901049009; rev:1;) alert tcp $HOME_NET any -> [192.254.173.31] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.173.31/; sid:901048978; rev:1;) alert tcp $HOME_NET any -> [80.79.23.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.79.23.144/; sid:901048977; rev:1;) alert tcp $HOME_NET any -> [89.255.255.254] 17805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.255.255.254/; sid:901048944; rev:1;) alert tcp $HOME_NET any -> [69.139.32.137] 20488 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.139.32.137/; sid:901048943; rev:1;) alert tcp $HOME_NET any -> [216.139.83.0] 49203 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.139.83.0/; sid:901048942; rev:1;) alert tcp $HOME_NET any -> [195.93.89.91] 35669 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.93.89.91/; sid:901048941; rev:1;) alert tcp $HOME_NET any -> [1.71.51.233] 60160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.71.51.233/; sid:901048940; rev:1;) alert tcp $HOME_NET any -> [17.232.252.69] 331 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/17.232.252.69/; sid:901048939; rev:1;) alert tcp $HOME_NET any -> [119.104.16.137] 16612 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.104.16.137/; sid:901048938; rev:1;) alert tcp $HOME_NET any -> [192.51.255.255] 22874 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.51.255.255/; sid:901048937; rev:1;) alert tcp $HOME_NET any -> [235.255.255.251] 35597 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.255.255.251/; sid:901048935; rev:1;) alert tcp $HOME_NET any -> [116.192.132.211] 35600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.192.132.211/; sid:901048933; rev:1;) alert tcp $HOME_NET any -> [85.141.27.116] 35836 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.141.27.116/; sid:901048932; rev:1;) alert tcp $HOME_NET any -> [50.255.100.0] 35172 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.255.100.0/; sid:901048931; rev:1;) alert tcp $HOME_NET any -> [85.210.51.242] 28776 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.210.51.242/; sid:901048930; rev:1;) alert tcp $HOME_NET any -> [106.236.139.85] 21248 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.236.139.85/; sid:901048929; rev:1;) alert tcp $HOME_NET any -> [91.94.95.240] 23897 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.95.240/; sid:901048928; rev:1;) alert tcp $HOME_NET any -> [161.233.195.0] 327 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.233.195.0/; sid:901048927; rev:1;) alert tcp $HOME_NET any -> [16.137.100.89] 2408 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.137.100.89/; sid:901048926; rev:1;) alert tcp $HOME_NET any -> [139.0.0.40] 64597 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.0.0.40/; sid:901048924; rev:1;) alert tcp $HOME_NET any -> [211.139.252.77] 51083 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.139.252.77/; sid:901048923; rev:1;) alert tcp $HOME_NET any -> [163.15.3.119] 29638 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.15.3.119/; sid:901048922; rev:1;) alert tcp $HOME_NET any -> [139.219.51.0] 33731 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.219.51.0/; sid:901048921; rev:1;) alert tcp $HOME_NET any -> [11.178.252.64] 27624 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/11.178.252.64/; sid:901048920; rev:1;) alert tcp $HOME_NET any -> [56.139.1.64] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.139.1.64/; sid:901048919; rev:1;) alert tcp $HOME_NET any -> [91.94.95.199] 49757 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.95.199/; sid:901048887; rev:1;) alert tcp $HOME_NET any -> [1.35.115.232] 25600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.35.115.232/; sid:901048886; rev:1;) alert tcp $HOME_NET any -> [199.139.16.71] 56196 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.139.16.71/; sid:901048885; rev:1;) alert tcp $HOME_NET any -> [12.119.137.0] 17802 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.119.137.0/; sid:901048884; rev:1;) alert tcp $HOME_NET any -> [199.139.210.51] 46056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.139.210.51/; sid:901048883; rev:1;) alert tcp $HOME_NET any -> [196.131.8.116] 59632 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.8.116/; sid:901048882; rev:1;) alert tcp $HOME_NET any -> [94.95.93.221] 50011 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.95.93.221/; sid:901048880; rev:1;) alert tcp $HOME_NET any -> [235.255.255.119] 17156 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.255.255.119/; sid:901048879; rev:1;) alert tcp $HOME_NET any -> [80.71.139.16] 54155 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.139.16/; sid:901048878; rev:1;) alert tcp $HOME_NET any -> [17.117.232.59] 49203 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/17.117.232.59/; sid:901048877; rev:1;) alert tcp $HOME_NET any -> [232.211.139.80] 30852 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.211.139.80/; sid:901048876; rev:1;) alert tcp $HOME_NET any -> [70.38.124.246] 56115 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.38.124.246/; sid:901048875; rev:1;) alert tcp $HOME_NET any -> [139.80.71.139] 2160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.80.71.139/; sid:901048874; rev:1;) alert tcp $HOME_NET any -> [85.87.86.83] 60043 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.87.86.83/; sid:901048873; rev:1;) alert tcp $HOME_NET any -> [73.232.80.64] 65399 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.232.80.64/; sid:901048872; rev:1;) alert tcp $HOME_NET any -> [195.91.56.83] 17033 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.91.56.83/; sid:901048871; rev:1;) alert tcp $HOME_NET any -> [208.139.216.139] 17291 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.139.216.139/; sid:901048870; rev:1;) alert tcp $HOME_NET any -> [120.131.102.83] 58 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.131.102.83/; sid:901048869; rev:1;) alert tcp $HOME_NET any -> [8.194.93.91] 36864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.194.93.91/; sid:901048868; rev:1;) alert tcp $HOME_NET any -> [12.69.139.64] 17289 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.69.139.64/; sid:901048867; rev:1;) alert tcp $HOME_NET any -> [139.231.117.78] 2117 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.231.117.78/; sid:901048866; rev:1;) alert tcp $HOME_NET any -> [16.139.255.255] 21247 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.139.255.255/; sid:901048865; rev:1;) alert tcp $HOME_NET any -> [67.139.215.139] 59472 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.139.215.139/; sid:901048864; rev:1;) alert tcp $HOME_NET any -> [117.255.255.51] 65292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.255.51/; sid:901048863; rev:1;) alert tcp $HOME_NET any -> [133.78.8.112] 31990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.78.8.112/; sid:901048862; rev:1;) alert tcp $HOME_NET any -> [58.116.68.67] 17291 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.116.68.67/; sid:901048861; rev:1;) alert tcp $HOME_NET any -> [8.117.64.67] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.117.64.67/; sid:901048860; rev:1;) alert tcp $HOME_NET any -> [216.139.87.86] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.139.87.86/; sid:901048859; rev:1;) alert tcp $HOME_NET any -> [67.225.229.55] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.225.229.55/; sid:901048028; rev:1;) alert tcp $HOME_NET any -> [181.97.70.132] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.97.70.132/; sid:901048026; rev:1;) alert tcp $HOME_NET any -> [201.196.15.79] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.196.15.79/; sid:901048019; rev:1;) alert tcp $HOME_NET any -> [94.183.71.206] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.71.206/; sid:901048012; rev:1;) alert tcp $HOME_NET any -> [181.53.252.85] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.53.252.85/; sid:901048007; rev:1;) alert tcp $HOME_NET any -> [204.204.204.204] 52428 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.204.204.204/; sid:901047708; rev:1;) alert tcp $HOME_NET any -> [113.170.129.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.170.129.113/; sid:901047392; rev:1;) alert tcp $HOME_NET any -> [80.227.67.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.227.67.18/; sid:901047346; rev:1;) alert tcp $HOME_NET any -> [51.38.134.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.134.203/; sid:901047343; rev:1;) alert tcp $HOME_NET any -> [200.114.134.8] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.134.8/; sid:901047342; rev:1;) alert tcp $HOME_NET any -> [181.57.102.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.102.203/; sid:901047328; rev:1;) alert tcp $HOME_NET any -> [181.231.62.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.231.62.54/; sid:901047327; rev:1;) alert tcp $HOME_NET any -> [117.192.132.89] 35612 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.192.132.89/; sid:901047325; rev:1;) alert tcp $HOME_NET any -> [232.85.39.117] 65384 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.85.39.117/; sid:901047324; rev:1;) alert tcp $HOME_NET any -> [192.51.81.81] 26709 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.51.81.81/; sid:901047322; rev:1;) alert tcp $HOME_NET any -> [51.236.139.85] 20937 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.236.139.85/; sid:901047321; rev:1;) alert tcp $HOME_NET any -> [91.192.148.15] 50013 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.192.148.15/; sid:901047320; rev:1;) alert tcp $HOME_NET any -> [69.139.252.88] 15112 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.139.252.88/; sid:901047319; rev:1;) alert tcp $HOME_NET any -> [6.116.192.132] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.116.192.132/; sid:901047318; rev:1;) alert tcp $HOME_NET any -> [113.232.195.139] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.232.195.139/; sid:901047317; rev:1;) alert tcp $HOME_NET any -> [69.139.80.8] 35592 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.139.80.8/; sid:901047316; rev:1;) alert tcp $HOME_NET any -> [139.216.139.0] 2117 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.216.139.0/; sid:901047315; rev:1;) alert tcp $HOME_NET any -> [32.64.139.252] 7144 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.64.139.252/; sid:901047314; rev:1;) alert tcp $HOME_NET any -> [132.89.255.255] 29888 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.89.255.255/; sid:901047311; rev:1;) alert tcp $HOME_NET any -> [8.64.139.8] 59472 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.64.139.8/; sid:901047310; rev:1;) alert tcp $HOME_NET any -> [91.94.1.176] 50013 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.1.176/; sid:901047308; rev:1;) alert tcp $HOME_NET any -> [4.117.192.132] 49203 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.117.192.132/; sid:901047307; rev:1;) alert tcp $HOME_NET any -> [232.8.67.139] 17708 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.8.67.139/; sid:901047306; rev:1;) alert tcp $HOME_NET any -> [117.4.70.59] 35599 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.4.70.59/; sid:901047305; rev:1;) alert tcp $HOME_NET any -> [64.139.8.69] 35836 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.139.8.69/; sid:901047304; rev:1;) alert tcp $HOME_NET any -> [133.33.117.4] 29942 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.33.117.4/; sid:901047303; rev:1;) alert tcp $HOME_NET any -> [139.252.64.139] 10304 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.252.64.139/; sid:901047302; rev:1;) alert tcp $HOME_NET any -> [116.219.133.216] 35631 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.219.133.216/; sid:901047301; rev:1;) alert tcp $HOME_NET any -> [110.119.79.46] 29285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.119.79.46/; sid:901047299; rev:1;) alert tcp $HOME_NET any -> [67.137.102.255] 24090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.137.102.255/; sid:901047298; rev:1;) alert tcp $HOME_NET any -> [198.139.216.139] 48104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.139.216.139/; sid:901047297; rev:1;) alert tcp $HOME_NET any -> [195.91.94.24] 22099 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.91.94.24/; sid:901047296; rev:1;) alert tcp $HOME_NET any -> [91.94.1.0] 37059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.1.0/; sid:901047295; rev:1;) alert tcp $HOME_NET any -> [139.255.255.128] 35795 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.255.128/; sid:901047294; rev:1;) alert tcp $HOME_NET any -> [139.214.139.19] 5187 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.214.139.19/; sid:901047293; rev:1;) alert tcp $HOME_NET any -> [139.20.67.137] 35798 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.20.67.137/; sid:901047292; rev:1;) alert tcp $HOME_NET any -> [232.0.64.80] 10700 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.0.64.80/; sid:901047291; rev:1;) alert tcp $HOME_NET any -> [15.117.0.20] 434 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.117.0.20/; sid:901047290; rev:1;) alert tcp $HOME_NET any -> [4.70.59.5] 13940 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.70.59.5/; sid:901047289; rev:1;) alert tcp $HOME_NET any -> [67.139.216.139] 34052 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.139.216.139/; sid:901047288; rev:1;) alert tcp $HOME_NET any -> [195.0.0.1] 22099 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.0.0.1/; sid:901047287; rev:1;) alert tcp $HOME_NET any -> [8.28.64.246] 1397 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.28.64.246/; sid:901047286; rev:1;) alert tcp $HOME_NET any -> [126.0.36.60] 35591 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.0.36.60/; sid:901047285; rev:1;) alert tcp $HOME_NET any -> [137.232.195.139] 65416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.232.195.139/; sid:901047284; rev:1;) alert tcp $HOME_NET any -> [20.138.0.0] 32804 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.138.0.0/; sid:901047283; rev:1;) alert tcp $HOME_NET any -> [139.7.116.192] 59603 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.7.116.192/; sid:901047282; rev:1;) alert tcp $HOME_NET any -> [133.20.115.139] 29942 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.115.139/; sid:901047281; rev:1;) alert tcp $HOME_NET any -> [139.211.139.1] 65328 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.211.139.1/; sid:901047280; rev:1;) alert tcp $HOME_NET any -> [221.232.198.139] 65410 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.232.198.139/; sid:901047279; rev:1;) alert tcp $HOME_NET any -> [20.235.43.116] 22155 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.235.43.116/; sid:901047278; rev:1;) alert tcp $HOME_NET any -> [139.36.20.136] 35800 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.36.20.136/; sid:901047277; rev:1;) alert tcp $HOME_NET any -> [232.81.86.83] 11856 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.81.86.83/; sid:901047276; rev:1;) alert tcp $HOME_NET any -> [92.233.128.13] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.233.128.13/; sid:901047267; rev:1;) alert tcp $HOME_NET any -> [161.83.216.196] 25776 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.83.216.196/; sid:901047243; rev:1;) alert tcp $HOME_NET any -> [105.87.108.105] 25710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.87.108.105/; sid:901047242; rev:1;) alert tcp $HOME_NET any -> [144.195.0.71] 20564 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.0.71/; sid:901047241; rev:1;) alert tcp $HOME_NET any -> [80.137.0.71] 41733 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.137.0.71/; sid:901047240; rev:1;) alert tcp $HOME_NET any -> [14.116.192.133] 5515 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.116.192.133/; sid:901047239; rev:1;) alert tcp $HOME_NET any -> [91.94.95.9] 49757 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.95.9/; sid:901047238; rev:1;) alert tcp $HOME_NET any -> [139.5.83.137] 3157 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.83.137/; sid:901047237; rev:1;) alert tcp $HOME_NET any -> [137.5.83.139] 35607 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.5.83.139/; sid:901047236; rev:1;) alert tcp $HOME_NET any -> [139.13.195.131] 11203 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.195.131/; sid:901047235; rev:1;) alert tcp $HOME_NET any -> [137.7.139.1] 1347 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.7.139.1/; sid:901047234; rev:1;) alert tcp $HOME_NET any -> [232.3.198.10] 22157 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.3.198.10/; sid:901047233; rev:1;) alert tcp $HOME_NET any -> [137.255.255.255] 1606 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.255.255.255/; sid:901047232; rev:1;) alert tcp $HOME_NET any -> [141.0.65.3] 1350 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.0.65.3/; sid:901047231; rev:1;) alert tcp $HOME_NET any -> [14.42.232.0] 1 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.42.232.0/; sid:901047230; rev:1;) alert tcp $HOME_NET any -> [6.137.0.71] 22157 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.137.0.71/; sid:901047229; rev:1;) alert tcp $HOME_NET any -> [139.0.4.255] 41456 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.0.4.255/; sid:901047228; rev:1;) alert tcp $HOME_NET any -> [131.0.71.101] 63 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.71.101/; sid:901047227; rev:1;) alert tcp $HOME_NET any -> [83.236.139.85] 22358 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.236.139.85/; sid:901047226; rev:1;) alert tcp $HOME_NET any -> [43.5.192.131] 35792 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.5.192.131/; sid:901047225; rev:1;) alert tcp $HOME_NET any -> [194.93.88.12] 16 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.93.88.12/; sid:901047224; rev:1;) alert tcp $HOME_NET any -> [4.65.139.226] 4607 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.65.139.226/; sid:901047223; rev:1;) alert tcp $HOME_NET any -> [16.117.255.20] 30207 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.117.255.20/; sid:901047222; rev:1;) alert tcp $HOME_NET any -> [49.236.139.85] 20672 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.236.139.85/; sid:901047221; rev:1;) alert tcp $HOME_NET any -> [94.95.0.1] 23899 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.95.0.1/; sid:901047220; rev:1;) alert tcp $HOME_NET any -> [142.93.82.57] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.82.57/; sid:901046387; rev:1;) alert tcp $HOME_NET any -> [201.183.247.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.247.58/; sid:901046378; rev:1;) alert tcp $HOME_NET any -> [78.189.76.2] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.76.2/; sid:901046364; rev:1;) alert tcp $HOME_NET any -> [76.69.29.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.69.29.42/; sid:901046363; rev:1;) alert tcp $HOME_NET any -> [187.235.239.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.235.239.214/; sid:901046361; rev:1;) alert tcp $HOME_NET any -> [89.32.150.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.150.160/; sid:901046357; rev:1;) alert tcp $HOME_NET any -> [74.208.74.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.74.92/; sid:901046356; rev:1;) alert tcp $HOME_NET any -> [93.123.73.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.123.73.37/; sid:900622358; rev:1;) alert tcp $HOME_NET any -> [5.182.210.212] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.212/; sid:900622356; rev:1;) alert tcp $HOME_NET any -> [51.89.115.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.109/; sid:900622357; rev:1;) alert tcp $HOME_NET any -> [29.199.193.86] 63059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/29.199.193.86/; sid:901044755; rev:1;) alert tcp $HOME_NET any -> [108.114.162.35] 59622 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.114.162.35/; sid:901044754; rev:1;) alert tcp $HOME_NET any -> [100.105.24.208] 461 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.105.24.208/; sid:901044753; rev:1;) alert tcp $HOME_NET any -> [145.34.142.246] 11177 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.34.142.246/; sid:901044752; rev:1;) alert tcp $HOME_NET any -> [54.197.217.75] 13454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.197.217.75/; sid:901044751; rev:1;) alert tcp $HOME_NET any -> [196.173.85.5] 46475 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.173.85.5/; sid:901044750; rev:1;) alert tcp $HOME_NET any -> [81.217.76.38] 48814 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.217.76.38/; sid:901044749; rev:1;) alert tcp $HOME_NET any -> [72.54.204.52] 46022 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.54.204.52/; sid:901044748; rev:1;) alert tcp $HOME_NET any -> [178.185.182.239] 20196 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.185.182.239/; sid:901044747; rev:1;) alert tcp $HOME_NET any -> [213.180.29.23] 27787 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.180.29.23/; sid:901044746; rev:1;) alert tcp $HOME_NET any -> [107.20.198.107] 61391 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.20.198.107/; sid:901044745; rev:1;) alert tcp $HOME_NET any -> [205.30.198.188] 38275 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.30.198.188/; sid:901044744; rev:1;) alert tcp $HOME_NET any -> [184.90.112.240] 22285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.90.112.240/; sid:901044743; rev:1;) alert tcp $HOME_NET any -> [14.105.183.39] 2790 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.105.183.39/; sid:901044742; rev:1;) alert tcp $HOME_NET any -> [139.115.150.60] 38567 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.115.150.60/; sid:901044741; rev:1;) alert tcp $HOME_NET any -> [115.41.76.31] 12906 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.41.76.31/; sid:901044740; rev:1;) alert tcp $HOME_NET any -> [66.46.99.32] 1358 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.46.99.32/; sid:901044739; rev:1;) alert tcp $HOME_NET any -> [97.209.1.205] 59609 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.209.1.205/; sid:901044738; rev:1;) alert tcp $HOME_NET any -> [184.38.32.9] 43663 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.38.32.9/; sid:901044737; rev:1;) alert tcp $HOME_NET any -> [150.227.45.203] 64456 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.227.45.203/; sid:901044736; rev:1;) alert tcp $HOME_NET any -> [74.159.64.191] 6943 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.159.64.191/; sid:901044735; rev:1;) alert tcp $HOME_NET any -> [222.180.41.29] 25918 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.180.41.29/; sid:901044734; rev:1;) alert tcp $HOME_NET any -> [34.240.194.222] 46130 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.240.194.222/; sid:901044733; rev:1;) alert tcp $HOME_NET any -> [201.120.225.193] 2200 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.120.225.193/; sid:901044732; rev:1;) alert tcp $HOME_NET any -> [220.188.203.118] 35811 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.188.203.118/; sid:901044731; rev:1;) alert tcp $HOME_NET any -> [15.22.77.78] 38438 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.22.77.78/; sid:901044730; rev:1;) alert tcp $HOME_NET any -> [68.58.187.245] 53841 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.58.187.245/; sid:901044729; rev:1;) alert tcp $HOME_NET any -> [142.76.37.186] 49014 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.76.37.186/; sid:901044728; rev:1;) alert tcp $HOME_NET any -> [188.107.20.34] 21492 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.107.20.34/; sid:901044727; rev:1;) alert tcp $HOME_NET any -> [193.163.105.225] 31366 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.163.105.225/; sid:901044726; rev:1;) alert tcp $HOME_NET any -> [232.242.51.251] 30884 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.242.51.251/; sid:901044725; rev:1;) alert tcp $HOME_NET any -> [76.129.217.110] 10711 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.129.217.110/; sid:901044724; rev:1;) alert tcp $HOME_NET any -> [29.170.153.234] 24077 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/29.170.153.234/; sid:901044723; rev:1;) alert tcp $HOME_NET any -> [32.185.175.181] 52388 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.185.175.181/; sid:901044722; rev:1;) alert tcp $HOME_NET any -> [91.241.247.140] 43765 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.241.247.140/; sid:901044721; rev:1;) alert tcp $HOME_NET any -> [156.6.143.9] 7901 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.6.143.9/; sid:901044720; rev:1;) alert tcp $HOME_NET any -> [131.44.231.116] 29470 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.44.231.116/; sid:901044719; rev:1;) alert tcp $HOME_NET any -> [122.123.148.180] 33731 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.123.148.180/; sid:901044718; rev:1;) alert tcp $HOME_NET any -> [167.113.111.229] 62138 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.113.111.229/; sid:901044717; rev:1;) alert tcp $HOME_NET any -> [224.111.122.42] 8105 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/224.111.122.42/; sid:901044716; rev:1;) alert tcp $HOME_NET any -> [139.129.25.208] 63844 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.129.25.208/; sid:901044715; rev:1;) alert tcp $HOME_NET any -> [47.153.63.225] 35163 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.153.63.225/; sid:901044714; rev:1;) alert tcp $HOME_NET any -> [223.153.82.78] 4066 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.153.82.78/; sid:901044713; rev:1;) alert tcp $HOME_NET any -> [219.102.89.195] 14780 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.102.89.195/; sid:901044712; rev:1;) alert tcp $HOME_NET any -> [162.184.46.224] 31765 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.184.46.224/; sid:901044711; rev:1;) alert tcp $HOME_NET any -> [190.16.252.241] 41416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.252.241/; sid:901044710; rev:1;) alert tcp $HOME_NET any -> [54.88.155.215] 51960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.88.155.215/; sid:901044709; rev:1;) alert tcp $HOME_NET any -> [71.94.141.239] 2859 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.94.141.239/; sid:901044708; rev:1;) alert tcp $HOME_NET any -> [186.144.254.84] 64416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.144.254.84/; sid:901044707; rev:1;) alert tcp $HOME_NET any -> [141.247.234.200] 50866 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.247.234.200/; sid:901044706; rev:1;) alert tcp $HOME_NET any -> [102.125.248.86] 43884 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.125.248.86/; sid:901044705; rev:1;) alert tcp $HOME_NET any -> [44.8.86.110] 58442 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/44.8.86.110/; sid:901044704; rev:1;) alert tcp $HOME_NET any -> [192.87.31.72] 17340 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.87.31.72/; sid:901044703; rev:1;) alert tcp $HOME_NET any -> [11.127.187.147] 45368 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/11.127.187.147/; sid:901044702; rev:1;) alert tcp $HOME_NET any -> [69.104.201.121] 40901 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.104.201.121/; sid:901044701; rev:1;) alert tcp $HOME_NET any -> [66.221.187.153] 17061 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.221.187.153/; sid:901044700; rev:1;) alert tcp $HOME_NET any -> [99.193.34.195] 33673 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.193.34.195/; sid:901044699; rev:1;) alert tcp $HOME_NET any -> [20.66.139.82] 45863 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.66.139.82/; sid:901044474; rev:1;) alert tcp $HOME_NET any -> [213.232.76.14] 30793 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.232.76.14/; sid:901044473; rev:1;) alert tcp $HOME_NET any -> [213.212.56.64] 50237 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.212.56.64/; sid:901044472; rev:1;) alert tcp $HOME_NET any -> [31.244.28.32] 7917 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.244.28.32/; sid:901044471; rev:1;) alert tcp $HOME_NET any -> [61.195.105.5] 17996 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.195.105.5/; sid:901044470; rev:1;) alert tcp $HOME_NET any -> [34.199.184.12] 1239 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.199.184.12/; sid:901044469; rev:1;) alert tcp $HOME_NET any -> [16.106.113.138] 18454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.106.113.138/; sid:901044468; rev:1;) alert tcp $HOME_NET any -> [82.135.250.134] 10377 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.135.250.134/; sid:901044467; rev:1;) alert tcp $HOME_NET any -> [122.186.220.242] 41344 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.186.220.242/; sid:901044466; rev:1;) alert tcp $HOME_NET any -> [104.171.128.0] 50280 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.171.128.0/; sid:901044465; rev:1;) alert tcp $HOME_NET any -> [14.2.21.128] 47042 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.2.21.128/; sid:901044464; rev:1;) alert tcp $HOME_NET any -> [132.144.202.40] 3266 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.144.202.40/; sid:901044463; rev:1;) alert tcp $HOME_NET any -> [145.106.109.168] 37588 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.106.109.168/; sid:901044462; rev:1;) alert tcp $HOME_NET any -> [203.18.33.103] 41767 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.18.33.103/; sid:901044461; rev:1;) alert tcp $HOME_NET any -> [200.117.159.231] 32794 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.117.159.231/; sid:901044460; rev:1;) alert tcp $HOME_NET any -> [96.85.120.0] 28491 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.85.120.0/; sid:901044459; rev:1;) alert tcp $HOME_NET any -> [126.126.244.65] 37489 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.126.244.65/; sid:901044458; rev:1;) alert tcp $HOME_NET any -> [121.215.107.191] 32700 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.215.107.191/; sid:901044457; rev:1;) alert tcp $HOME_NET any -> [233.176.96.119] 42528 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.176.96.119/; sid:901044456; rev:1;) alert tcp $HOME_NET any -> [223.225.28.55] 37304 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.225.28.55/; sid:901044455; rev:1;) alert tcp $HOME_NET any -> [234.170.106.16] 4057 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.170.106.16/; sid:901044454; rev:1;) alert tcp $HOME_NET any -> [137.112.67.51] 44486 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.112.67.51/; sid:901044453; rev:1;) alert tcp $HOME_NET any -> [140.3.205.77] 46834 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.3.205.77/; sid:901044452; rev:1;) alert tcp $HOME_NET any -> [93.11.62.243] 58516 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.11.62.243/; sid:901044451; rev:1;) alert tcp $HOME_NET any -> [168.109.23.58] 59453 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.109.23.58/; sid:901044450; rev:1;) alert tcp $HOME_NET any -> [96.77.15.190] 6860 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.77.15.190/; sid:901044449; rev:1;) alert tcp $HOME_NET any -> [130.132.163.29] 38568 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.132.163.29/; sid:901044384; rev:1;) alert tcp $HOME_NET any -> [74.194.23.99] 662 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.194.23.99/; sid:901044383; rev:1;) alert tcp $HOME_NET any -> [106.239.164.220] 54408 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.239.164.220/; sid:901044382; rev:1;) alert tcp $HOME_NET any -> [112.17.67.75] 6712 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.17.67.75/; sid:901044381; rev:1;) alert tcp $HOME_NET any -> [155.133.163.23] 30830 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.133.163.23/; sid:901044380; rev:1;) alert tcp $HOME_NET any -> [232.70.223.22] 60784 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.70.223.22/; sid:901044379; rev:1;) alert tcp $HOME_NET any -> [216.136.132.89] 39137 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.136.132.89/; sid:901044378; rev:1;) alert tcp $HOME_NET any -> [206.84.3.115] 29117 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.84.3.115/; sid:901044377; rev:1;) alert tcp $HOME_NET any -> [110.213.80.89] 4321 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.213.80.89/; sid:901044376; rev:1;) alert tcp $HOME_NET any -> [98.99.147.113] 5111 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.99.147.113/; sid:901044375; rev:1;) alert tcp $HOME_NET any -> [149.190.241.48] 14379 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.190.241.48/; sid:901044374; rev:1;) alert tcp $HOME_NET any -> [109.156.62.40] 22116 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.156.62.40/; sid:901044373; rev:1;) alert tcp $HOME_NET any -> [123.98.227.193] 48446 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.98.227.193/; sid:901044372; rev:1;) alert tcp $HOME_NET any -> [182.132.116.36] 4698 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.132.116.36/; sid:901044371; rev:1;) alert tcp $HOME_NET any -> [110.94.93.15] 7836 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.94.93.15/; sid:901044370; rev:1;) alert tcp $HOME_NET any -> [149.92.161.76] 23970 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.92.161.76/; sid:901044369; rev:1;) alert tcp $HOME_NET any -> [73.60.66.9] 77 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.60.66.9/; sid:901044368; rev:1;) alert tcp $HOME_NET any -> [11.29.45.178] 5454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/11.29.45.178/; sid:901044367; rev:1;) alert tcp $HOME_NET any -> [187.142.104.70] 50586 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.142.104.70/; sid:901044366; rev:1;) alert tcp $HOME_NET any -> [73.135.92.33] 27367 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.135.92.33/; sid:901044365; rev:1;) alert tcp $HOME_NET any -> [66.61.180.205] 24196 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.61.180.205/; sid:901044364; rev:1;) alert tcp $HOME_NET any -> [16.250.226.249] 21941 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.250.226.249/; sid:901044363; rev:1;) alert tcp $HOME_NET any -> [96.184.57.180] 19860 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.184.57.180/; sid:901044362; rev:1;) alert tcp $HOME_NET any -> [233.129.117.191] 24308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.129.117.191/; sid:901044361; rev:1;) alert tcp $HOME_NET any -> [18.202.235.151] 12022 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.202.235.151/; sid:901044360; rev:1;) alert tcp $HOME_NET any -> [136.128.170.61] 6482 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.128.170.61/; sid:901044359; rev:1;) alert tcp $HOME_NET any -> [15.248.175.120] 52715 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.248.175.120/; sid:901044358; rev:1;) alert tcp $HOME_NET any -> [120.238.117.27] 31168 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.238.117.27/; sid:901044357; rev:1;) alert tcp $HOME_NET any -> [217.184.191.40] 24398 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.184.191.40/; sid:901044356; rev:1;) alert tcp $HOME_NET any -> [172.208.138.206] 41543 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.208.138.206/; sid:901044355; rev:1;) alert tcp $HOME_NET any -> [36.68.141.0] 20480 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.141.0/; sid:901044354; rev:1;) alert tcp $HOME_NET any -> [220.1.221.81] 24589 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.1.221.81/; sid:901044353; rev:1;) alert tcp $HOME_NET any -> [24.232.131.3] 22873 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.131.3/; sid:901044352; rev:1;) alert tcp $HOME_NET any -> [96.13.220.12] 18173 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.13.220.12/; sid:901044351; rev:1;) alert tcp $HOME_NET any -> [232.36.28.221] 20281 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.36.28.221/; sid:901044350; rev:1;) alert tcp $HOME_NET any -> [36.68.141.1] 20480 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.141.1/; sid:901044349; rev:1;) alert tcp $HOME_NET any -> [8.194.94.255] 20736 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.194.94.255/; sid:901044348; rev:1;) alert tcp $HOME_NET any -> [12.36.76.139] 46312 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.36.76.139/; sid:901044347; rev:1;) alert tcp $HOME_NET any -> [32.232.80.8] 65528 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.232.80.8/; sid:901044346; rev:1;) alert tcp $HOME_NET any -> [116.139.86.4] 3108 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.139.86.4/; sid:901044345; rev:1;) alert tcp $HOME_NET any -> [16.194.255.255] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.194.255.255/; sid:901044344; rev:1;) alert tcp $HOME_NET any -> [28.221.12.36] 59428 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.221.12.36/; sid:901044343; rev:1;) alert tcp $HOME_NET any -> [68.221.81.81] 4132 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.221.81.81/; sid:901044342; rev:1;) alert tcp $HOME_NET any -> [232.8.36.76] 62795 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.8.36.76/; sid:901044341; rev:1;) alert tcp $HOME_NET any -> [199.7.115.158] 2113 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.7.115.158/; sid:901044340; rev:1;) alert tcp $HOME_NET any -> [158.224.223.0] 3447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.224.223.0/; sid:901044339; rev:1;) alert tcp $HOME_NET any -> [220.1.221.0] 20509 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.1.221.0/; sid:901044338; rev:1;) alert tcp $HOME_NET any -> [8.69.139.244] 24159 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.69.139.244/; sid:901044337; rev:1;) alert tcp $HOME_NET any -> [193.88.232.240] 2 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.88.232.240/; sid:901044336; rev:1;) alert tcp $HOME_NET any -> [101.128.236.117] 252 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.128.236.117/; sid:901044335; rev:1;) alert tcp $HOME_NET any -> [2.232.8.117] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.232.8.117/; sid:901044334; rev:1;) alert tcp $HOME_NET any -> [117.255.0.2] 35824 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.0.2/; sid:901044333; rev:1;) alert tcp $HOME_NET any -> [117.137.12.117] 59644 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.137.12.117/; sid:901044332; rev:1;) alert tcp $HOME_NET any -> [141.1.106.240] 61517 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.1.106.240/; sid:901044331; rev:1;) alert tcp $HOME_NET any -> [87.86.0.236] 63883 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.86.0.236/; sid:901044330; rev:1;) alert tcp $HOME_NET any -> [4.84.161.81] 72 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.84.161.81/; sid:901044329; rev:1;) alert tcp $HOME_NET any -> [105.232.0.70] 25 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.232.0.70/; sid:901044328; rev:1;) alert tcp $HOME_NET any -> [175.19.159.180] 7612 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.19.159.180/; sid:901044327; rev:1;) alert tcp $HOME_NET any -> [13.212.190.62] 45415 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/13.212.190.62/; sid:901044326; rev:1;) alert tcp $HOME_NET any -> [70.74.102.169] 51789 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.74.102.169/; sid:901044325; rev:1;) alert tcp $HOME_NET any -> [57.53.113.209] 1784 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.53.113.209/; sid:901044324; rev:1;) alert tcp $HOME_NET any -> [232.245.179.64] 55573 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.245.179.64/; sid:901044323; rev:1;) alert tcp $HOME_NET any -> [116.135.91.57] 26704 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.135.91.57/; sid:901044322; rev:1;) alert tcp $HOME_NET any -> [112.180.149.8] 34995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.180.149.8/; sid:901044321; rev:1;) alert tcp $HOME_NET any -> [175.31.60.2] 47902 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.31.60.2/; sid:901044320; rev:1;) alert tcp $HOME_NET any -> [42.7.18.251] 3749 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.7.18.251/; sid:901044319; rev:1;) alert tcp $HOME_NET any -> [56.236.82.228] 47477 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.236.82.228/; sid:901044318; rev:1;) alert tcp $HOME_NET any -> [36.141.252.119] 57443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.141.252.119/; sid:901044317; rev:1;) alert tcp $HOME_NET any -> [114.128.97.195] 42401 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.128.97.195/; sid:901044316; rev:1;) alert tcp $HOME_NET any -> [111.133.22.86] 6789 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.133.22.86/; sid:901044315; rev:1;) alert tcp $HOME_NET any -> [216.209.141.55] 20687 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.209.141.55/; sid:901044314; rev:1;) alert tcp $HOME_NET any -> [28.138.174.59] 34068 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.138.174.59/; sid:901044313; rev:1;) alert tcp $HOME_NET any -> [131.197.69.45] 25030 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.197.69.45/; sid:901044312; rev:1;) alert tcp $HOME_NET any -> [150.213.194.222] 31303 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.213.194.222/; sid:901044311; rev:1;) alert tcp $HOME_NET any -> [9.64.198.105] 34523 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.64.198.105/; sid:901044310; rev:1;) alert tcp $HOME_NET any -> [38.81.33.5] 32619 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.81.33.5/; sid:901044309; rev:1;) alert tcp $HOME_NET any -> [144.57.58.236] 43292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.57.58.236/; sid:901044308; rev:1;) alert tcp $HOME_NET any -> [97.204.19.221] 30504 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.204.19.221/; sid:901044307; rev:1;) alert tcp $HOME_NET any -> [166.104.135.99] 176 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.104.135.99/; sid:901044306; rev:1;) alert tcp $HOME_NET any -> [135.187.28.87] 54987 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.187.28.87/; sid:901044305; rev:1;) alert tcp $HOME_NET any -> [141.214.42.95] 23551 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.214.42.95/; sid:901044304; rev:1;) alert tcp $HOME_NET any -> [52.70.229.200] 30671 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.70.229.200/; sid:901044303; rev:1;) alert tcp $HOME_NET any -> [174.92.121.2] 13433 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.92.121.2/; sid:901044302; rev:1;) alert tcp $HOME_NET any -> [184.66.33.96] 48681 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.66.33.96/; sid:901044301; rev:1;) alert tcp $HOME_NET any -> [209.124.164.217] 26416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.124.164.217/; sid:901044300; rev:1;) alert tcp $HOME_NET any -> [166.107.136.70] 1363 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.107.136.70/; sid:901044299; rev:1;) alert tcp $HOME_NET any -> [109.113.101.179] 24669 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.113.101.179/; sid:901044298; rev:1;) alert tcp $HOME_NET any -> [24.160.158.43] 33358 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.160.158.43/; sid:901044297; rev:1;) alert tcp $HOME_NET any -> [155.124.180.236] 23188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.124.180.236/; sid:901043535; rev:1;) alert tcp $HOME_NET any -> [43.56.61.47] 51467 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.56.61.47/; sid:901043534; rev:1;) alert tcp $HOME_NET any -> [156.6.144.166] 18334 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.6.144.166/; sid:901043533; rev:1;) alert tcp $HOME_NET any -> [195.41.62.181] 18713 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.41.62.181/; sid:901043532; rev:1;) alert tcp $HOME_NET any -> [236.25.249.214] 9515 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/236.25.249.214/; sid:901043531; rev:1;) alert tcp $HOME_NET any -> [94.135.17.47] 3626 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.135.17.47/; sid:901043530; rev:1;) alert tcp $HOME_NET any -> [137.255.255.248] 2167 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.255.255.248/; sid:901043465; rev:1;) alert tcp $HOME_NET any -> [80.255.255.249] 53131 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.255.255.249/; sid:901043464; rev:1;) alert tcp $HOME_NET any -> [69.141.80.244] 20700 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.141.80.244/; sid:901043463; rev:1;) alert tcp $HOME_NET any -> [181.31.213.158] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.213.158/; sid:901042779; rev:1;) alert tcp $HOME_NET any -> [185.14.187.201] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.187.201/; sid:901042761; rev:1;) alert tcp $HOME_NET any -> [233.0.0.0] 170 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.0.0.0/; sid:901042758; rev:1;) alert tcp $HOME_NET any -> [89.240.139.255] 18119 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.240.139.255/; sid:901042757; rev:1;) alert tcp $HOME_NET any -> [71.156.136.161] 10496 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.156.136.161/; sid:901042755; rev:1;) alert tcp $HOME_NET any -> [132.15.89.192] 202 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.15.89.192/; sid:901042754; rev:1;) alert tcp $HOME_NET any -> [15.240.139.89] 55684 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.240.139.89/; sid:901042753; rev:1;) alert tcp $HOME_NET any -> [132.61.131.255] 18332 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.61.131.255/; sid:901042752; rev:1;) alert tcp $HOME_NET any -> [80.8.69.141] 48360 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.8.69.141/; sid:901042751; rev:1;) alert tcp $HOME_NET any -> [71.156.128.5] 35072 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.156.128.5/; sid:901042750; rev:1;) alert tcp $HOME_NET any -> [23.239.84.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.84.134/; sid:900622352; rev:1;) alert tcp $HOME_NET any -> [195.123.234.85] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.234.85/; sid:900622351; rev:1;) alert tcp $HOME_NET any -> [229.254.61.50] 10064 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.254.61.50/; sid:901041789; rev:1;) alert tcp $HOME_NET any -> [229.139.178.0] 32399 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.139.178.0/; sid:901041788; rev:1;) alert tcp $HOME_NET any -> [191.75.167.146] 15719 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.75.167.146/; sid:901041787; rev:1;) alert tcp $HOME_NET any -> [106.241.100.98] 50216 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.241.100.98/; sid:901041786; rev:1;) alert tcp $HOME_NET any -> [121.139.40.150] 46943 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.139.40.150/; sid:901041785; rev:1;) alert tcp $HOME_NET any -> [18.201.109.148] 59854 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.201.109.148/; sid:901041784; rev:1;) alert tcp $HOME_NET any -> [86.185.158.137] 36427 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.185.158.137/; sid:901041783; rev:1;) alert tcp $HOME_NET any -> [97.66.43.101] 51806 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.66.43.101/; sid:901041782; rev:1;) alert tcp $HOME_NET any -> [65.87.75.201] 22107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.87.75.201/; sid:901041781; rev:1;) alert tcp $HOME_NET any -> [198.40.21.242] 36654 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.40.21.242/; sid:901041780; rev:1;) alert tcp $HOME_NET any -> [87.189.10.216] 25044 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.189.10.216/; sid:901041779; rev:1;) alert tcp $HOME_NET any -> [107.61.205.190] 19342 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.61.205.190/; sid:901041778; rev:1;) alert tcp $HOME_NET any -> [77.210.109.51] 5108 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.210.109.51/; sid:901041777; rev:1;) alert tcp $HOME_NET any -> [32.45.167.109] 26489 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.45.167.109/; sid:901041776; rev:1;) alert tcp $HOME_NET any -> [133.44.215.139] 48094 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.44.215.139/; sid:901041775; rev:1;) alert tcp $HOME_NET any -> [228.94.113.86] 58777 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/228.94.113.86/; sid:901041774; rev:1;) alert tcp $HOME_NET any -> [93.94.234.231] 62915 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.94.234.231/; sid:901041773; rev:1;) alert tcp $HOME_NET any -> [103.105.76.150] 35698 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.105.76.150/; sid:901041772; rev:1;) alert tcp $HOME_NET any -> [239.9.120.122] 39651 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/239.9.120.122/; sid:901041771; rev:1;) alert tcp $HOME_NET any -> [44.167.59.239] 63801 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/44.167.59.239/; sid:901041770; rev:1;) alert tcp $HOME_NET any -> [23.19.44.221] 45482 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.19.44.221/; sid:901041769; rev:1;) alert tcp $HOME_NET any -> [152.37.26.37] 62150 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.37.26.37/; sid:901041768; rev:1;) alert tcp $HOME_NET any -> [162.240.129.46] 44917 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.240.129.46/; sid:901041767; rev:1;) alert tcp $HOME_NET any -> [173.18.181.152] 38791 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.18.181.152/; sid:901041766; rev:1;) alert tcp $HOME_NET any -> [98.185.152.241] 63965 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.185.152.241/; sid:901041765; rev:1;) alert tcp $HOME_NET any -> [27.22.235.78] 30095 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.22.235.78/; sid:901041764; rev:1;) alert tcp $HOME_NET any -> [182.242.99.181] 40547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.242.99.181/; sid:901041763; rev:1;) alert tcp $HOME_NET any -> [214.133.186.150] 41145 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/214.133.186.150/; sid:901041762; rev:1;) alert tcp $HOME_NET any -> [112.43.0.147] 44050 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.43.0.147/; sid:901041761; rev:1;) alert tcp $HOME_NET any -> [152.101.41.39] 12923 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.101.41.39/; sid:901041760; rev:1;) alert tcp $HOME_NET any -> [229.22.20.169] 46680 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.22.20.169/; sid:901041759; rev:1;) alert tcp $HOME_NET any -> [8.93.139.226] 139 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.93.139.226/; sid:901041758; rev:1;) alert tcp $HOME_NET any -> [3.66.0.71] 15327 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/3.66.0.71/; sid:901041757; rev:1;) alert tcp $HOME_NET any -> [57.100.131.12] 252 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.100.131.12/; sid:901041756; rev:1;) alert tcp $HOME_NET any -> [139.2.225.193] 20606 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.2.225.193/; sid:901041755; rev:1;) alert tcp $HOME_NET any -> [125.209.59.87] 36135 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.209.59.87/; sid:901041754; rev:1;) alert tcp $HOME_NET any -> [153.124.13.139] 71 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.124.13.139/; sid:901041753; rev:1;) alert tcp $HOME_NET any -> [21.139.0.0] 39288 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.139.0.0/; sid:901041752; rev:1;) alert tcp $HOME_NET any -> [8.249.131.4] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.249.131.4/; sid:901041751; rev:1;) alert tcp $HOME_NET any -> [137.12.77.139] 21582 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.12.77.139/; sid:901041750; rev:1;) alert tcp $HOME_NET any -> [78.139.0.0] 35156 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.139.0.0/; sid:901041749; rev:1;) alert tcp $HOME_NET any -> [1.251.131.0] 33807 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.251.131.0/; sid:901041748; rev:1;) alert tcp $HOME_NET any -> [88.1.106.0] 63977 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.1.106.0/; sid:901041747; rev:1;) alert tcp $HOME_NET any -> [117.5.251.131] 33548 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.5.251.131/; sid:901041746; rev:1;) alert tcp $HOME_NET any -> [132.15.8.93] 257 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.15.8.93/; sid:901041745; rev:1;) alert tcp $HOME_NET any -> [88.139.0.0] 34056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.139.0.0/; sid:901041744; rev:1;) alert tcp $HOME_NET any -> [89.192.133.89] 33807 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.192.133.89/; sid:901041743; rev:1;) alert tcp $HOME_NET any -> [232.8.117.255] 294 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.8.117.255/; sid:901041742; rev:1;) alert tcp $HOME_NET any -> [139.255.255.236] 65520 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.255.236/; sid:901041741; rev:1;) alert tcp $HOME_NET any -> [81.236.139.85] 22099 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.236.139.85/; sid:901041740; rev:1;) alert tcp $HOME_NET any -> [106.2.235.240] 22767 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.2.235.240/; sid:901041739; rev:1;) alert tcp $HOME_NET any -> [106.10.235.241] 60402 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.10.235.241/; sid:901041738; rev:1;) alert tcp $HOME_NET any -> [106.18.235.243] 60406 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.18.235.243/; sid:901041737; rev:1;) alert tcp $HOME_NET any -> [106.26.235.245] 60404 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.26.235.245/; sid:901041736; rev:1;) alert tcp $HOME_NET any -> [106.34.235.251] 60407 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.34.235.251/; sid:901041735; rev:1;) alert tcp $HOME_NET any -> [106.42.235.248] 60409 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.42.235.248/; sid:901041734; rev:1;) alert tcp $HOME_NET any -> [106.50.235.252] 60410 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.50.235.252/; sid:901041733; rev:1;) alert tcp $HOME_NET any -> [106.195.201.91] 60414 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.195.201.91/; sid:901041732; rev:1;) alert tcp $HOME_NET any -> [236.84.5.59] 71 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/236.84.5.59/; sid:901041731; rev:1;) alert tcp $HOME_NET any -> [69.139.224.69] 35296 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.139.224.69/; sid:901041730; rev:1;) alert tcp $HOME_NET any -> [195.200.70.190] 65422 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.200.70.190/; sid:901041729; rev:1;) alert tcp $HOME_NET any -> [33.172.87.72] 21403 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/33.172.87.72/; sid:901041728; rev:1;) alert tcp $HOME_NET any -> [216.142.137.159] 63977 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.142.137.159/; sid:901041727; rev:1;) alert tcp $HOME_NET any -> [60.205.210.66] 21176 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.205.210.66/; sid:901041726; rev:1;) alert tcp $HOME_NET any -> [194.105.101.104] 32429 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.105.101.104/; sid:901041725; rev:1;) alert tcp $HOME_NET any -> [214.187.224.223] 35949 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/214.187.224.223/; sid:901041724; rev:1;) alert tcp $HOME_NET any -> [222.219.229.91] 18038 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.219.229.91/; sid:901041723; rev:1;) alert tcp $HOME_NET any -> [148.255.228.51] 45339 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.255.228.51/; sid:901041722; rev:1;) alert tcp $HOME_NET any -> [15.192.80.14] 60140 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.192.80.14/; sid:901041721; rev:1;) alert tcp $HOME_NET any -> [149.129.95.3] 27685 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.129.95.3/; sid:901041720; rev:1;) alert tcp $HOME_NET any -> [60.141.7.15] 55083 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.141.7.15/; sid:901041719; rev:1;) alert tcp $HOME_NET any -> [144.111.71.71] 56807 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.111.71.71/; sid:901041718; rev:1;) alert tcp $HOME_NET any -> [131.39.116.189] 58281 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.39.116.189/; sid:901041717; rev:1;) alert tcp $HOME_NET any -> [51.98.55.178] 9498 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.98.55.178/; sid:901041716; rev:1;) alert tcp $HOME_NET any -> [100.132.182.44] 50463 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.132.182.44/; sid:901041715; rev:1;) alert tcp $HOME_NET any -> [228.89.214.107] 23296 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/228.89.214.107/; sid:901041714; rev:1;) alert tcp $HOME_NET any -> [238.25.11.80] 20371 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/238.25.11.80/; sid:901041713; rev:1;) alert tcp $HOME_NET any -> [182.15.150.214] 61183 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.15.150.214/; sid:901041712; rev:1;) alert tcp $HOME_NET any -> [101.98.47.57] 5310 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.98.47.57/; sid:901041711; rev:1;) alert tcp $HOME_NET any -> [176.69.24.192] 35046 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.69.24.192/; sid:901041710; rev:1;) alert tcp $HOME_NET any -> [221.22.194.209] 36086 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.22.194.209/; sid:901041709; rev:1;) alert tcp $HOME_NET any -> [230.85.101.86] 44334 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/230.85.101.86/; sid:901041708; rev:1;) alert tcp $HOME_NET any -> [65.249.98.18] 35602 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.249.98.18/; sid:901041707; rev:1;) alert tcp $HOME_NET any -> [23.208.29.250] 15326 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.208.29.250/; sid:901041706; rev:1;) alert tcp $HOME_NET any -> [36.124.63.196] 35822 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.124.63.196/; sid:901041705; rev:1;) alert tcp $HOME_NET any -> [9.56.75.14] 42293 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.56.75.14/; sid:901041704; rev:1;) alert tcp $HOME_NET any -> [174.75.14.255] 35628 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.75.14.255/; sid:901041703; rev:1;) alert tcp $HOME_NET any -> [102.184.135.228] 46518 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.184.135.228/; sid:901041702; rev:1;) alert tcp $HOME_NET any -> [175.75.199.186] 34730 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.75.199.186/; sid:901041701; rev:1;) alert tcp $HOME_NET any -> [37.228.117.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.50/; sid:900622350; rev:1;) alert tcp $HOME_NET any -> [45.132.18.72] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.132.18.72/; sid:900622349; rev:1;) alert tcp $HOME_NET any -> [5.53.124.166] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.166/; sid:900622348; rev:1;) alert tcp $HOME_NET any -> [107.181.187.149] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.187.149/; sid:900622347; rev:1;) alert tcp $HOME_NET any -> [187.147.184.249] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.184.249/; sid:901041154; rev:1;) alert tcp $HOME_NET any -> [86.98.61.221] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.61.221/; sid:901041152; rev:1;) alert tcp $HOME_NET any -> [181.189.213.231] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.213.231/; sid:901041142; rev:1;) alert tcp $HOME_NET any -> [200.24.248.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.24.248.206/; sid:901041125; rev:1;) alert tcp $HOME_NET any -> [80.1.76.46] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.1.76.46/; sid:901040896; rev:1;) alert tcp $HOME_NET any -> [195.242.117.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.242.117.231/; sid:901040881; rev:1;) alert tcp $HOME_NET any -> [82.15.36.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.15.36.209/; sid:901040870; rev:1;) alert tcp $HOME_NET any -> [81.109.227.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.109.227.123/; sid:901040869; rev:1;) alert tcp $HOME_NET any -> [46.32.228.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.32.228.206/; sid:901040763; rev:1;) alert tcp $HOME_NET any -> [181.228.60.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.60.191/; sid:901040762; rev:1;) alert tcp $HOME_NET any -> [104.236.185.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.185.25/; sid:901040761; rev:1;) alert tcp $HOME_NET any -> [5.153.252.228] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.153.252.228/; sid:901040754; rev:1;) alert tcp $HOME_NET any -> [104.236.151.95] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.151.95/; sid:901040751; rev:1;) alert tcp $HOME_NET any -> [200.123.101.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.101.90/; sid:901040742; rev:1;) alert tcp $HOME_NET any -> [186.121.248.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.121.248.153/; sid:901040741; rev:1;) alert tcp $HOME_NET any -> [2.116.194.59] 2303 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.116.194.59/; sid:901039492; rev:1;) alert tcp $HOME_NET any -> [8.255.2.116] 16779 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.255.2.116/; sid:901039491; rev:1;) alert tcp $HOME_NET any -> [139.8.255.2] 13377 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.8.255.2/; sid:901039490; rev:1;) alert tcp $HOME_NET any -> [210.51.0.0] 51771 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.51.0.0/; sid:901039489; rev:1;) alert tcp $HOME_NET any -> [57.219.51.83] 35869 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.219.51.83/; sid:901039360; rev:1;) alert tcp $HOME_NET any -> [139.85.204.255] 33772 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.85.204.255/; sid:901039359; rev:1;) alert tcp $HOME_NET any -> [3.106.89.89] 55272 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/3.106.89.89/; sid:901039358; rev:1;) alert tcp $HOME_NET any -> [232.22.106.255] 6426 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.22.106.255/; sid:901039357; rev:1;) alert tcp $HOME_NET any -> [21.255.70.246] 33260 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.255.70.246/; sid:901039356; rev:1;) alert tcp $HOME_NET any -> [2.116.192.133] 63027 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.116.192.133/; sid:901039355; rev:1;) alert tcp $HOME_NET any -> [21.255.70.12] 33276 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.255.70.12/; sid:901039354; rev:1;) alert tcp $HOME_NET any -> [51.12.36.116] 65526 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.12.36.116/; sid:901039353; rev:1;) alert tcp $HOME_NET any -> [198.139.246.51] 50014 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.139.246.51/; sid:901039352; rev:1;) alert tcp $HOME_NET any -> [36.116.255.246] 17932 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.116.255.246/; sid:901039351; rev:1;) alert tcp $HOME_NET any -> [131.96.21.255] 68 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.96.21.255/; sid:901039350; rev:1;) alert tcp $HOME_NET any -> [192.0.0.23] 2165 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.0.0.23/; sid:901039349; rev:1;) alert tcp $HOME_NET any -> [101.139.195.64] 33256 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.139.195.64/; sid:901039348; rev:1;) alert tcp $HOME_NET any -> [137.0.139.0] 58437 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.0.139.0/; sid:901039347; rev:1;) alert tcp $HOME_NET any -> [36.235.224.69] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.235.224.69/; sid:901039346; rev:1;) alert tcp $HOME_NET any -> [117.255.12.117] 65288 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.12.117/; sid:901039345; rev:1;) alert tcp $HOME_NET any -> [131.0.70.38] 64613 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.70.38/; sid:901039344; rev:1;) alert tcp $HOME_NET any -> [3.95.184.10] 65 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/3.95.184.10/; sid:901039343; rev:1;) alert tcp $HOME_NET any -> [70.38.136.163] 34048 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.38.136.163/; sid:901039342; rev:1;) alert tcp $HOME_NET any -> [21.255.80.0] 33624 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.255.80.0/; sid:901039341; rev:1;) alert tcp $HOME_NET any -> [21.116.192.133] 56424 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.116.192.133/; sid:901039340; rev:1;) alert tcp $HOME_NET any -> [21.255.0.68] 33620 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.255.0.68/; sid:901039339; rev:1;) alert tcp $HOME_NET any -> [116.1.0.70] 26660 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.1.0.70/; sid:901039338; rev:1;) alert tcp $HOME_NET any -> [55.117.192.133] 15747 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/55.117.192.133/; sid:901039337; rev:1;) alert tcp $HOME_NET any -> [161.255.255.114] 9864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.255.255.114/; sid:901039336; rev:1;) alert tcp $HOME_NET any -> [24.8.104.16] 69 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.8.104.16/; sid:901039335; rev:1;) alert tcp $HOME_NET any -> [199.1.83.141] 63557 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.1.83.141/; sid:901038982; rev:1;) alert tcp $HOME_NET any -> [16.77.255.5] 904 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.77.255.5/; sid:901038981; rev:1;) alert tcp $HOME_NET any -> [139.28.116.10] 35335 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.28.116.10/; sid:901038980; rev:1;) alert tcp $HOME_NET any -> [116.72.193.246] 32802 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.72.193.246/; sid:901038979; rev:1;) alert tcp $HOME_NET any -> [133.15.2.193] 400 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.15.2.193/; sid:901038978; rev:1;) alert tcp $HOME_NET any -> [198.3.2.230] 18570 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.3.2.230/; sid:901038977; rev:1;) alert tcp $HOME_NET any -> [70.55.160.141] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.160.141/; sid:901038976; rev:1;) alert tcp $HOME_NET any -> [141.5.249.193] 49204 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.5.249.193/; sid:901038975; rev:1;) alert tcp $HOME_NET any -> [139.8.69.139] 33736 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.8.69.139/; sid:901038974; rev:1;) alert tcp $HOME_NET any -> [132.15.211.139] 440 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.15.211.139/; sid:901038973; rev:1;) alert tcp $HOME_NET any -> [139.83.0.16] 3165 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.83.0.16/; sid:901038972; rev:1;) alert tcp $HOME_NET any -> [101.131.12.236] 248 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.131.12.236/; sid:901038971; rev:1;) alert tcp $HOME_NET any -> [195.201.91.94] 35669 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.91.94/; sid:901038970; rev:1;) alert tcp $HOME_NET any -> [184.12.70.137] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.12.70.137/; sid:901038969; rev:1;) alert tcp $HOME_NET any -> [235.0.0.255] 33547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.0.0.255/; sid:901038968; rev:1;) alert tcp $HOME_NET any -> [15.235.32.12] 50059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.235.32.12/; sid:901038967; rev:1;) alert tcp $HOME_NET any -> [95.12.125.57] 1652 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.12.125.57/; sid:901038966; rev:1;) alert tcp $HOME_NET any -> [196.131.255.255] 35084 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.255.255/; sid:901038965; rev:1;) alert tcp $HOME_NET any -> [93.137.102.81] 59404 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.137.102.81/; sid:901038964; rev:1;) alert tcp $HOME_NET any -> [87.95.2.106] 17805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.95.2.106/; sid:901038963; rev:1;) alert tcp $HOME_NET any -> [235.24.137.102] 35611 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.24.137.102/; sid:901038962; rev:1;) alert tcp $HOME_NET any -> [70.139.12.196] 35592 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.139.12.196/; sid:901038961; rev:1;) alert tcp $HOME_NET any -> [109.232.81.83] 65507 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.232.81.83/; sid:901038960; rev:1;) alert tcp $HOME_NET any -> [32.4.64.246] 3188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.4.64.246/; sid:901038959; rev:1;) alert tcp $HOME_NET any -> [184.5.235.130] 63200 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.5.235.130/; sid:901038958; rev:1;) alert tcp $HOME_NET any -> [141.31.224.131] 49156 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.31.224.131/; sid:901038957; rev:1;) alert tcp $HOME_NET any -> [55.160.149.20] 70 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/55.160.149.20/; sid:901038956; rev:1;) alert tcp $HOME_NET any -> [209.139.25.116] 64193 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.139.25.116/; sid:901038955; rev:1;) alert tcp $HOME_NET any -> [235.12.69.137] 33586 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.12.69.137/; sid:901038954; rev:1;) alert tcp $HOME_NET any -> [232.81.80.87] 58909 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.81.80.87/; sid:901038953; rev:1;) alert tcp $HOME_NET any -> [137.251.59.74] 1110 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.251.59.74/; sid:901038952; rev:1;) alert tcp $HOME_NET any -> [86.139.22.137] 11032 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.139.22.137/; sid:901038951; rev:1;) alert tcp $HOME_NET any -> [185.68.93.20] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.68.93.20/; sid:900622344; rev:1;) alert tcp $HOME_NET any -> [37.18.30.111] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.111/; sid:900622341; rev:1;) alert tcp $HOME_NET any -> [172.245.205.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.205.211/; sid:900622340; rev:1;) alert tcp $HOME_NET any -> [192.227.232.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.41/; sid:900622339; rev:1;) alert tcp $HOME_NET any -> [185.14.31.40] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.40/; sid:900622337; rev:1;) alert tcp $HOME_NET any -> [66.85.156.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.156.68/; sid:900622336; rev:1;) alert tcp $HOME_NET any -> [185.251.39.114] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.114/; sid:900622335; rev:1;) alert tcp $HOME_NET any -> [190.108.228.48] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.228.48/; sid:901015690; rev:1;) alert tcp $HOME_NET any -> [107.172.249.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.249.205/; sid:900622333; rev:1;) alert tcp $HOME_NET any -> [181.55.171.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.55.171.237/; sid:901013952; rev:1;) alert tcp $HOME_NET any -> [162.241.232.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.232.82/; sid:901013931; rev:1;) alert tcp $HOME_NET any -> [115.88.70.226] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.88.70.226/; sid:901013930; rev:1;) alert tcp $HOME_NET any -> [197.211.244.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.244.6/; sid:901013928; rev:1;) alert tcp $HOME_NET any -> [110.36.234.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.234.146/; sid:901013927; rev:1;) alert tcp $HOME_NET any -> [184.69.214.94] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.69.214.94/; sid:901013897; rev:1;) alert tcp $HOME_NET any -> [119.159.150.176] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.159.150.176/; sid:901013896; rev:1;) alert tcp $HOME_NET any -> [181.123.0.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.123.0.125/; sid:901013895; rev:1;) alert tcp $HOME_NET any -> [38.131.14.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.131.14.154/; sid:901013397; rev:1;) alert tcp $HOME_NET any -> [178.152.64.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.64.225/; sid:901013386; rev:1;) alert tcp $HOME_NET any -> [89.211.201.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.201.179/; sid:901013384; rev:1;) alert tcp $HOME_NET any -> [199.19.237.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.19.237.192/; sid:901013028; rev:1;) alert tcp $HOME_NET any -> [190.228.72.244] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.228.72.244/; sid:901013023; rev:1;) alert tcp $HOME_NET any -> [45.79.188.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.188.67/; sid:901013003; rev:1;) alert tcp $HOME_NET any -> [124.240.198.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.240.198.66/; sid:901013000; rev:1;) alert tcp $HOME_NET any -> [37.211.85.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.85.139/; sid:901012935; rev:1;) alert tcp $HOME_NET any -> [91.205.215.10] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.10/; sid:901012925; rev:1;) alert tcp $HOME_NET any -> [46.101.142.115] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.142.115/; sid:901012922; rev:1;) alert tcp $HOME_NET any -> [198.58.114.91] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.58.114.91/; sid:901012917; rev:1;) alert tcp $HOME_NET any -> [186.144.64.31] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.144.64.31/; sid:901012916; rev:1;) alert tcp $HOME_NET any -> [142.4.198.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.198.249/; sid:901012906; rev:1;) alert tcp $HOME_NET any -> [186.23.146.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.146.42/; sid:901012889; rev:1;) alert tcp $HOME_NET any -> [190.246.146.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.246.146.101/; sid:901012883; rev:1;) alert tcp $HOME_NET any -> [86.6.188.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.6.188.121/; sid:901012882; rev:1;) alert tcp $HOME_NET any -> [181.171.118.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.118.19/; sid:901012879; rev:1;) alert tcp $HOME_NET any -> [104.236.217.164] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.217.164/; sid:901012875; rev:1;) alert tcp $HOME_NET any -> [181.231.72.200] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.231.72.200/; sid:901012873; rev:1;) alert tcp $HOME_NET any -> [187.162.62.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.62.135/; sid:901012872; rev:1;) alert tcp $HOME_NET any -> [23.227.206.136] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.206.136/; sid:900622324; rev:1;) alert tcp $HOME_NET any -> [81.177.136.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.107/; sid:900622322; rev:1;) alert tcp $HOME_NET any -> [185.142.99.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.41/; sid:900622323; rev:1;) alert tcp $HOME_NET any -> [162.247.155.102] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.102/; sid:900622321; rev:1;) alert tcp $HOME_NET any -> [94.156.189.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.189.106/; sid:900622317; rev:1;) alert tcp $HOME_NET any -> [185.98.87.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.218/; sid:900622318; rev:1;) alert tcp $HOME_NET any -> [93.189.46.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.46.110/; sid:900622320; rev:1;) alert tcp $HOME_NET any -> [107.181.187.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.187.60/; sid:900622319; rev:1;) alert tcp $HOME_NET any -> [181.28.248.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.28.248.205/; sid:901012676; rev:1;) alert tcp $HOME_NET any -> [201.251.229.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.229.37/; sid:901012671; rev:1;) alert tcp $HOME_NET any -> [81.140.12.131] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.140.12.131/; sid:901012669; rev:1;) alert tcp $HOME_NET any -> [190.102.226.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.102.226.91/; sid:901012668; rev:1;) alert tcp $HOME_NET any -> [187.149.41.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.41.205/; sid:901012659; rev:1;) alert tcp $HOME_NET any -> [200.58.83.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.83.179/; sid:901012658; rev:1;) alert tcp $HOME_NET any -> [190.193.131.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.131.141/; sid:901012657; rev:1;) alert tcp $HOME_NET any -> [181.134.105.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.134.105.191/; sid:901012656; rev:1;) alert tcp $HOME_NET any -> [45.55.83.204] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.83.204/; sid:901012651; rev:1;) alert tcp $HOME_NET any -> [190.189.112.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.112.116/; sid:901012650; rev:1;) alert tcp $HOME_NET any -> [138.219.214.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.219.214.164/; sid:901012649; rev:1;) alert tcp $HOME_NET any -> [185.187.198.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.187.198.10/; sid:901010502; rev:1;) alert tcp $HOME_NET any -> [80.240.141.141] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.240.141.141/; sid:901010501; rev:1;) alert tcp $HOME_NET any -> [201.214.74.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.214.74.71/; sid:901010500; rev:1;) alert tcp $HOME_NET any -> [139.5.237.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.237.27/; sid:901010499; rev:1;) alert tcp $HOME_NET any -> [190.158.19.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.19.141/; sid:901010498; rev:1;) alert tcp $HOME_NET any -> [162.144.47.94] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.47.94/; sid:901010151; rev:1;) alert tcp $HOME_NET any -> [212.129.24.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.82/; sid:901010150; rev:1;) alert tcp $HOME_NET any -> [105.186.87.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.87.144/; sid:901010147; rev:1;) alert tcp $HOME_NET any -> [181.165.150.211] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.150.211/; sid:901009951; rev:1;) alert tcp $HOME_NET any -> [181.1.37.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.1.37.38/; sid:901009934; rev:1;) alert tcp $HOME_NET any -> [186.93.167.147] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.93.167.147/; sid:901009925; rev:1;) alert tcp $HOME_NET any -> [148.240.52.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.52.172/; sid:901009923; rev:1;) alert tcp $HOME_NET any -> [212.71.237.140] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.71.237.140/; sid:901009691; rev:1;) alert tcp $HOME_NET any -> [181.167.53.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.53.209/; sid:901009689; rev:1;) alert tcp $HOME_NET any -> [186.0.95.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.0.95.172/; sid:901009669; rev:1;) alert tcp $HOME_NET any -> [187.199.158.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.158.226/; sid:901009668; rev:1;) alert tcp $HOME_NET any -> [181.99.235.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.235.57/; sid:901009667; rev:1;) alert tcp $HOME_NET any -> [186.29.155.101] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.29.155.101/; sid:901009493; rev:1;) alert tcp $HOME_NET any -> [152.170.220.95] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.220.95/; sid:901009490; rev:1;) alert tcp $HOME_NET any -> [186.10.16.244] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.16.244/; sid:901009489; rev:1;) alert tcp $HOME_NET any -> [162.214.27.219] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.27.219/; sid:901009479; rev:1;) alert tcp $HOME_NET any -> [194.50.163.106] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.50.163.106/; sid:901009478; rev:1;) alert tcp $HOME_NET any -> [190.96.118.15] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.118.15/; sid:901009476; rev:1;) alert tcp $HOME_NET any -> [186.117.174.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.117.174.26/; sid:901009475; rev:1;) alert tcp $HOME_NET any -> [66.85.156.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.156.66/; sid:900622302; rev:1;) alert tcp $HOME_NET any -> [66.55.71.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.11/; sid:900622301; rev:1;) alert tcp $HOME_NET any -> [192.227.232.22] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.22/; sid:900622295; rev:1;) alert tcp $HOME_NET any -> [45.148.10.48] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.10.48/; sid:900622296; rev:1;) alert tcp $HOME_NET any -> [45.14.49.77] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.14.49.77/; sid:900622293; rev:1;) alert tcp $HOME_NET any -> [195.123.220.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.86/; sid:900622292; rev:1;) alert tcp $HOME_NET any -> [107.172.143.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.91/; sid:900622305; rev:1;) alert tcp $HOME_NET any -> [194.5.250.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.84/; sid:900622294; rev:1;) alert tcp $HOME_NET any -> [64.44.51.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.88/; sid:900622300; rev:1;) alert tcp $HOME_NET any -> [46.28.111.142] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.28.111.142/; sid:901009178; rev:1;) alert tcp $HOME_NET any -> [77.237.248.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.237.248.136/; sid:901009126; rev:1;) alert tcp $HOME_NET any -> [37.228.117.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.247/; sid:900622290; rev:1;) alert tcp $HOME_NET any -> [5.53.125.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.125.13/; sid:900622289; rev:1;) alert tcp $HOME_NET any -> [188.225.57.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.57.125/; sid:900622288; rev:1;) alert tcp $HOME_NET any -> [185.90.61.116] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.116/; sid:900622287; rev:1;) alert tcp $HOME_NET any -> [46.41.134.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.134.46/; sid:901009094; rev:1;) alert tcp $HOME_NET any -> [185.65.202.193] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.193/; sid:900622286; rev:1;) alert tcp $HOME_NET any -> [212.22.75.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.132/; sid:900622281; rev:1;) alert tcp $HOME_NET any -> [139.60.163.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.50/; sid:900622282; rev:1;) alert tcp $HOME_NET any -> [5.196.74.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.74.210/; sid:901009006; rev:1;) alert tcp $HOME_NET any -> [185.142.236.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.236.163/; sid:901008998; rev:1;) alert tcp $HOME_NET any -> [101.187.237.217] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.237.217/; sid:901008997; rev:1;) alert tcp $HOME_NET any -> [180.183.112.185] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.112.185/; sid:901008996; rev:1;) alert tcp $HOME_NET any -> [185.250.204.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.250.204.126/; sid:900622277; rev:1;) alert tcp $HOME_NET any -> [64.44.133.34] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.34/; sid:900622275; rev:1;) alert tcp $HOME_NET any -> [92.63.102.212] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.102.212/; sid:900622274; rev:1;) alert tcp $HOME_NET any -> [37.228.117.65] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.65/; sid:900622276; rev:1;) alert tcp $HOME_NET any -> [145.239.188.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.95/; sid:900622271; rev:1;) alert tcp $HOME_NET any -> [195.123.238.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.36/; sid:900622272; rev:1;) alert tcp $HOME_NET any -> [138.185.25.228] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.185.25.228/; sid:900622269; rev:1;) alert tcp $HOME_NET any -> [190.152.4.98] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.4.98/; sid:900622266; rev:1;) alert tcp $HOME_NET any -> [170.84.78.117] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.84.78.117/; sid:900622268; rev:1;) alert tcp $HOME_NET any -> [91.207.185.73] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.185.73/; sid:900622265; rev:1;) alert tcp $HOME_NET any -> [170.233.120.53] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.233.120.53/; sid:900622267; rev:1;) alert tcp $HOME_NET any -> [94.177.253.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.253.126/; sid:901007859; rev:1;) alert tcp $HOME_NET any -> [143.95.101.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.95.101.72/; sid:901007850; rev:1;) alert tcp $HOME_NET any -> [113.52.135.33] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.52.135.33/; sid:901007845; rev:1;) alert tcp $HOME_NET any -> [5.189.148.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.148.98/; sid:901007836; rev:1;) alert tcp $HOME_NET any -> [133.130.73.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.130.73.156/; sid:901007832; rev:1;) alert tcp $HOME_NET any -> [62.75.171.248] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.171.248/; sid:901007831; rev:1;) alert tcp $HOME_NET any -> [178.170.189.239] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.239/; sid:900622261; rev:1;) alert tcp $HOME_NET any -> [91.92.128.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.128.237/; sid:900622260; rev:1;) alert tcp $HOME_NET any -> [62.75.160.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.160.178/; sid:901007734; rev:1;) alert tcp $HOME_NET any -> [87.106.77.40] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.77.40/; sid:901007733; rev:1;) alert tcp $HOME_NET any -> [217.199.160.224] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.199.160.224/; sid:901007708; rev:1;) alert tcp $HOME_NET any -> [178.249.187.151] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.249.187.151/; sid:901007707; rev:1;) alert tcp $HOME_NET any -> [185.222.202.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.222/; sid:900622259; rev:1;) alert tcp $HOME_NET any -> [192.241.250.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.250.202/; sid:901007675; rev:1;) alert tcp $HOME_NET any -> [181.164.8.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.8.25/; sid:901007673; rev:1;) alert tcp $HOME_NET any -> [51.68.247.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.247.62/; sid:900622254; rev:1;) alert tcp $HOME_NET any -> [23.95.214.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.214.138/; sid:900622252; rev:1;) alert tcp $HOME_NET any -> [37.44.212.216] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.216/; sid:900622251; rev:1;) alert tcp $HOME_NET any -> [93.189.42.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.21/; sid:900622253; rev:1;) alert tcp $HOME_NET any -> [47.41.213.2] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.41.213.2/; sid:901007319; rev:1;) alert tcp $HOME_NET any -> [190.211.254.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.211.254.14/; sid:900622249; rev:1;) alert tcp $HOME_NET any -> [181.113.229.139] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.229.139/; sid:901007288; rev:1;) alert tcp $HOME_NET any -> [95.178.241.254] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.241.254/; sid:901007283; rev:1;) alert tcp $HOME_NET any -> [189.189.214.1] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.214.1/; sid:901007274; rev:1;) alert tcp $HOME_NET any -> [189.245.216.217] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.245.216.217/; sid:901007273; rev:1;) alert tcp $HOME_NET any -> [190.79.251.99] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.251.99/; sid:901007272; rev:1;) alert tcp $HOME_NET any -> [190.221.50.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.221.50.210/; sid:901007269; rev:1;) alert tcp $HOME_NET any -> [190.104.253.234] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.253.234/; sid:901007261; rev:1;) alert tcp $HOME_NET any -> [46.163.144.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.163.144.228/; sid:901007249; rev:1;) alert tcp $HOME_NET any -> [62.75.150.240] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.150.240/; sid:901007245; rev:1;) alert tcp $HOME_NET any -> [152.46.8.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.46.8.148/; sid:901007244; rev:1;) alert tcp $HOME_NET any -> [201.184.65.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.65.229/; sid:901007243; rev:1;) alert tcp $HOME_NET any -> [190.38.14.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.38.14.52/; sid:901007242; rev:1;) alert tcp $HOME_NET any -> [211.229.116.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.229.116.97/; sid:901007241; rev:1;) alert tcp $HOME_NET any -> [189.129.231.76] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.231.76/; sid:901007211; rev:1;) alert tcp $HOME_NET any -> [194.5.250.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.82/; sid:900622236; rev:1;) alert tcp $HOME_NET any -> [91.132.139.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.132.139.170/; sid:900622235; rev:1;) alert tcp $HOME_NET any -> [46.30.41.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.229/; sid:900622234; rev:1;) alert tcp $HOME_NET any -> [45.8.126.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.126.5/; sid:900622233; rev:1;) alert tcp $HOME_NET any -> [190.201.164.223] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.164.223/; sid:901007170; rev:1;) alert tcp $HOME_NET any -> [63.142.253.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.142.253.122/; sid:901007149; rev:1;) alert tcp $HOME_NET any -> [158.69.130.55] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.130.55/; sid:901007148; rev:1;) alert tcp $HOME_NET any -> [212.80.217.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.164/; sid:900622230; rev:1;) alert tcp $HOME_NET any -> [186.42.98.254] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.98.254/; sid:900622227; rev:1;) alert tcp $HOME_NET any -> [92.63.102.210] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.102.210/; sid:900622228; rev:1;) alert tcp $HOME_NET any -> [185.70.182.162] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.70.182.162/; sid:900622225; rev:1;) alert tcp $HOME_NET any -> [186.42.185.10] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.185.10/; sid:900622224; rev:1;) alert tcp $HOME_NET any -> [45.161.33.88] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.161.33.88/; sid:900622223; rev:1;) alert tcp $HOME_NET any -> [212.71.234.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.71.234.16/; sid:901006959; rev:1;) alert tcp $HOME_NET any -> [51.15.8.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.8.192/; sid:901006898; rev:1;) alert tcp $HOME_NET any -> [189.187.141.15] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.187.141.15/; sid:901006897; rev:1;) alert tcp $HOME_NET any -> [50.28.51.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.28.51.143/; sid:901006896; rev:1;) alert tcp $HOME_NET any -> [187.149.84.80] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.84.80/; sid:901006875; rev:1;) alert tcp $HOME_NET any -> [189.166.68.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.68.89/; sid:901006874; rev:1;) alert tcp $HOME_NET any -> [114.79.134.129] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.134.129/; sid:901006873; rev:1;) alert tcp $HOME_NET any -> [187.144.189.58] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.189.58/; sid:901006853; rev:1;) alert tcp $HOME_NET any -> [187.147.50.167] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.50.167/; sid:901006842; rev:1;) alert tcp $HOME_NET any -> [190.18.146.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.146.70/; sid:901006841; rev:1;) alert tcp $HOME_NET any -> [181.49.61.237] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.61.237/; sid:900622215; rev:1;) alert tcp $HOME_NET any -> [37.228.117.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.146/; sid:900622214; rev:1;) alert tcp $HOME_NET any -> [148.251.185.189] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.189/; sid:900622213; rev:1;) alert tcp $HOME_NET any -> [203.23.128.168] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.23.128.168/; sid:900622212; rev:1;) alert tcp $HOME_NET any -> [51.254.69.244] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.244/; sid:900622211; rev:1;) alert tcp $HOME_NET any -> [79.124.49.215] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.215/; sid:900622209; rev:1;) alert tcp $HOME_NET any -> [213.183.60.30] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.183.60.30/; sid:900622210; rev:1;) alert tcp $HOME_NET any -> [107.155.137.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.8/; sid:900622207; rev:1;) alert tcp $HOME_NET any -> [195.123.221.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.104/; sid:900622205; rev:1;) alert tcp $HOME_NET any -> [93.189.149.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.149.238/; sid:900622206; rev:1;) alert tcp $HOME_NET any -> [107.173.160.29] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.160.29/; sid:900622204; rev:1;) alert tcp $HOME_NET any -> [31.184.253.37] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.253.37/; sid:900622203; rev:1;) alert tcp $HOME_NET any -> [108.170.40.39] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.40.39/; sid:900622201; rev:1;) alert tcp $HOME_NET any -> [107.172.143.248] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.248/; sid:900622202; rev:1;) alert tcp $HOME_NET any -> [109.169.86.13] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.169.86.13/; sid:901005130; rev:1;) alert tcp $HOME_NET any -> [46.41.151.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.151.103/; sid:901005123; rev:1;) alert tcp $HOME_NET any -> [23.92.22.225] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.92.22.225/; sid:901005119; rev:1;) alert tcp $HOME_NET any -> [104.236.243.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.243.129/; sid:901005108; rev:1;) alert tcp $HOME_NET any -> [207.180.208.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.208.175/; sid:901005104; rev:1;) alert tcp $HOME_NET any -> [189.244.245.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.245.238/; sid:901005102; rev:1;) alert tcp $HOME_NET any -> [189.129.4.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.4.186/; sid:901005101; rev:1;) alert tcp $HOME_NET any -> [78.140.223.73] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.140.223.73/; sid:900622198; rev:1;) alert tcp $HOME_NET any -> [185.117.119.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.131/; sid:900622197; rev:1;) alert tcp $HOME_NET any -> [138.197.140.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.140.163/; sid:901004554; rev:1;) alert tcp $HOME_NET any -> [108.179.216.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.179.216.46/; sid:901004552; rev:1;) alert tcp $HOME_NET any -> [83.169.33.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.169.33.157/; sid:901004548; rev:1;) alert tcp $HOME_NET any -> [46.32.229.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.32.229.152/; sid:901004546; rev:1;) alert tcp $HOME_NET any -> [178.249.187.150] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.249.187.150/; sid:901004542; rev:1;) alert tcp $HOME_NET any -> [216.70.88.55] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.70.88.55/; sid:901004541; rev:1;) alert tcp $HOME_NET any -> [192.163.221.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.221.191/; sid:901004533; rev:1;) alert tcp $HOME_NET any -> [45.33.1.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.1.161/; sid:901004532; rev:1;) alert tcp $HOME_NET any -> [190.146.81.138] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.81.138/; sid:901004531; rev:1;) alert tcp $HOME_NET any -> [83.110.75.153] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.75.153/; sid:901004530; rev:1;) alert tcp $HOME_NET any -> [152.168.220.188] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.220.188/; sid:901004529; rev:1;) alert tcp $HOME_NET any -> [78.109.34.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.109.34.178/; sid:901004528; rev:1;) alert tcp $HOME_NET any -> [5.53.124.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.55/; sid:900622194; rev:1;) alert tcp $HOME_NET any -> [5.196.35.138] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.35.138/; sid:901004461; rev:1;) alert tcp $HOME_NET any -> [77.55.211.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.55.211.77/; sid:901004453; rev:1;) alert tcp $HOME_NET any -> [198.199.106.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.106.229/; sid:901004435; rev:1;) alert tcp $HOME_NET any -> [190.200.64.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.200.64.180/; sid:901004434; rev:1;) alert tcp $HOME_NET any -> [181.81.143.108] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.81.143.108/; sid:901004433; rev:1;) alert tcp $HOME_NET any -> [195.123.221.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.178/; sid:900622193; rev:1;) alert tcp $HOME_NET any -> [217.160.182.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.182.191/; sid:901004300; rev:1;) alert tcp $HOME_NET any -> [178.254.6.27] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.6.27/; sid:901004115; rev:1;) alert tcp $HOME_NET any -> [59.152.93.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.152.93.46/; sid:901004113; rev:1;) alert tcp $HOME_NET any -> [195.93.223.100] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.93.223.100/; sid:900622179; rev:1;) alert tcp $HOME_NET any -> [185.79.242.204] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.79.242.204/; sid:900622180; rev:1;) alert tcp $HOME_NET any -> [108.170.40.34] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.40.34/; sid:900622177; rev:1;) alert tcp $HOME_NET any -> [92.38.171.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.36/; sid:900622176; rev:1;) alert tcp $HOME_NET any -> [104.193.252.142] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.193.252.142/; sid:900622178; rev:1;) alert tcp $HOME_NET any -> [185.222.202.62] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.62/; sid:900622175; rev:1;) alert tcp $HOME_NET any -> [62.210.142.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.142.58/; sid:901003104; rev:1;) alert tcp $HOME_NET any -> [181.36.42.205] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.36.42.205/; sid:901003075; rev:1;) alert tcp $HOME_NET any -> [83.29.180.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.29.180.97/; sid:901003074; rev:1;) alert tcp $HOME_NET any -> [187.155.233.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.233.46/; sid:901003073; rev:1;) alert tcp $HOME_NET any -> [194.5.250.79] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.79/; sid:900622172; rev:1;) alert tcp $HOME_NET any -> [178.252.26.235] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.252.26.235/; sid:900622171; rev:1;) alert tcp $HOME_NET any -> [200.82.147.93] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.147.93/; sid:901002902; rev:1;) alert tcp $HOME_NET any -> [201.113.23.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.113.23.175/; sid:901002901; rev:1;) alert tcp $HOME_NET any -> [190.10.194.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.194.42/; sid:901002899; rev:1;) alert tcp $HOME_NET any -> [190.104.64.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.64.197/; sid:901002898; rev:1;) alert tcp $HOME_NET any -> [66.55.71.15] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.15/; sid:900622170; rev:1;) alert tcp $HOME_NET any -> [198.199.88.162] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.88.162/; sid:901002776; rev:1;) alert tcp $HOME_NET any -> [190.226.44.20] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.226.44.20/; sid:901002775; rev:1;) alert tcp $HOME_NET any -> [86.98.25.30] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.25.30/; sid:901002774; rev:1;) alert tcp $HOME_NET any -> [201.250.11.236] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.250.11.236/; sid:901002773; rev:1;) alert tcp $HOME_NET any -> [179.12.170.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.12.170.88/; sid:901002771; rev:1;) alert tcp $HOME_NET any -> [181.230.126.152] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.126.152/; sid:901002617; rev:1;) alert tcp $HOME_NET any -> [179.24.118.93] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.24.118.93/; sid:901002616; rev:1;) alert tcp $HOME_NET any -> [190.55.86.138] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.86.138/; sid:901002615; rev:1;) alert tcp $HOME_NET any -> [190.55.39.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.39.215/; sid:901002614; rev:1;) alert tcp $HOME_NET any -> [190.92.103.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.103.7/; sid:901002613; rev:1;) alert tcp $HOME_NET any -> [186.4.194.153] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.194.153/; sid:901002509; rev:1;) alert tcp $HOME_NET any -> [185.94.252.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.13/; sid:901002505; rev:1;) alert tcp $HOME_NET any -> [103.97.95.218] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.97.95.218/; sid:901002498; rev:1;) alert tcp $HOME_NET any -> [92.222.216.44] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.222.216.44/; sid:901002496; rev:1;) alert tcp $HOME_NET any -> [37.228.117.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.182/; sid:900622163; rev:1;) alert tcp $HOME_NET any -> [159.65.25.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.25.128/; sid:901002001; rev:1;) alert tcp $HOME_NET any -> [179.32.19.219] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.32.19.219/; sid:901002002; rev:1;) alert tcp $HOME_NET any -> [92.222.125.16] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.222.125.16/; sid:901001980; rev:1;) alert tcp $HOME_NET any -> [104.236.246.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.246.93/; sid:901001994; rev:1;) alert tcp $HOME_NET any -> [142.44.162.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.162.209/; sid:901001981; rev:1;) alert tcp $HOME_NET any -> [37.157.194.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.157.194.134/; sid:901002000; rev:1;) alert tcp $HOME_NET any -> [87.230.19.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.230.19.21/; sid:901001805; rev:1;) alert tcp $HOME_NET any -> [149.202.153.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.153.252/; sid:901001800; rev:1;) alert tcp $HOME_NET any -> [37.208.39.59] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.39.59/; sid:901001783; rev:1;) alert tcp $HOME_NET any -> [117.197.124.36] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.197.124.36/; sid:901001782; rev:1;) alert tcp $HOME_NET any -> [125.99.61.162] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.61.162/; sid:901001738; rev:1;) alert tcp $HOME_NET any -> [77.122.183.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.122.183.203/; sid:901001737; rev:1;) alert tcp $HOME_NET any -> [178.170.189.52] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.52/; sid:900622160; rev:1;) alert tcp $HOME_NET any -> [139.60.163.36] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.36/; sid:900622154; rev:1;) alert tcp $HOME_NET any -> [79.124.49.210] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.210/; sid:900622153; rev:1;) alert tcp $HOME_NET any -> [107.155.137.4] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.4/; sid:900622161; rev:1;) alert tcp $HOME_NET any -> [148.251.27.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.27.94/; sid:900622152; rev:1;) alert tcp $HOME_NET any -> [181.113.20.186] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.20.186/; sid:900622146; rev:1;) alert tcp $HOME_NET any -> [64.44.51.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.126/; sid:900622151; rev:1;) alert tcp $HOME_NET any -> [194.5.250.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.60/; sid:900622143; rev:1;) alert tcp $HOME_NET any -> [200.29.106.33] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.29.106.33/; sid:900622128; rev:1;) alert tcp $HOME_NET any -> [104.168.123.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.123.186/; sid:900622159; rev:1;) alert tcp $HOME_NET any -> [190.97.10.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.10.198/; sid:901001589; rev:1;) alert tcp $HOME_NET any -> [179.40.105.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.40.105.76/; sid:901001586; rev:1;) alert tcp $HOME_NET any -> [186.86.177.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.177.193/; sid:901001575; rev:1;) alert tcp $HOME_NET any -> [176.31.200.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.200.136/; sid:901001566; rev:1;) alert tcp $HOME_NET any -> [70.32.84.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.84.74/; sid:901001565; rev:1;) alert tcp $HOME_NET any -> [46.101.123.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.123.139/; sid:901001563; rev:1;) alert tcp $HOME_NET any -> [181.28.144.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.28.144.64/; sid:901001559; rev:1;) alert tcp $HOME_NET any -> [138.68.106.4] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.106.4/; sid:901001558; rev:1;) alert tcp $HOME_NET any -> [46.29.183.211] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.29.183.211/; sid:901001554; rev:1;) alert tcp $HOME_NET any -> [186.83.133.253] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.83.133.253/; sid:901001545; rev:1;) alert tcp $HOME_NET any -> [159.203.204.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.203.204.126/; sid:901001544; rev:1;) alert tcp $HOME_NET any -> [190.230.60.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.60.129/; sid:901001541; rev:1;) alert tcp $HOME_NET any -> [181.48.174.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.174.242/; sid:901001540; rev:1;) alert tcp $HOME_NET any -> [190.19.42.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.42.131/; sid:901001538; rev:1;) alert tcp $HOME_NET any -> [187.144.227.2] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.227.2/; sid:901001532; rev:1;) alert tcp $HOME_NET any -> [186.93.145.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.93.145.178/; sid:901001529; rev:1;) alert tcp $HOME_NET any -> [81.169.140.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.169.140.14/; sid:901001527; rev:1;) alert tcp $HOME_NET any -> [183.82.97.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.97.25/; sid:901001521; rev:1;) alert tcp $HOME_NET any -> [90.69.208.50] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.69.208.50/; sid:901001519; rev:1;) alert tcp $HOME_NET any -> [213.120.104.180] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.120.104.180/; sid:901001518; rev:1;) alert tcp $HOME_NET any -> [77.245.101.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.245.101.134/; sid:901001516; rev:1;) alert tcp $HOME_NET any -> [80.85.87.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.85.87.122/; sid:901001515; rev:1;) alert tcp $HOME_NET any -> [170.247.122.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.247.122.37/; sid:901001514; rev:1;) alert tcp $HOME_NET any -> [86.42.166.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.166.147/; sid:901001513; rev:1;) alert tcp $HOME_NET any -> [5.77.13.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.77.13.70/; sid:901001512; rev:1;) alert tcp $HOME_NET any -> [178.79.163.131] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.163.131/; sid:901001511; rev:1;) alert tcp $HOME_NET any -> [190.1.37.125] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.1.37.125/; sid:901001507; rev:1;) alert tcp $HOME_NET any -> [201.219.183.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.219.183.243/; sid:901001506; rev:1;) alert tcp $HOME_NET any -> [128.199.78.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.78.227/; sid:901001503; rev:1;) alert tcp $HOME_NET any -> [162.241.130.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.130.39/; sid:901001502; rev:1;) alert tcp $HOME_NET any -> [151.80.142.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.142.33/; sid:901001501; rev:1;) alert tcp $HOME_NET any -> [189.245.135.12] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.245.135.12/; sid:901001499; rev:1;) alert tcp $HOME_NET any -> [5.67.96.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.67.96.120/; sid:901001498; rev:1;) alert tcp $HOME_NET any -> [203.130.0.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.130.0.67/; sid:901001497; rev:1;) alert tcp $HOME_NET any -> [181.188.149.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.149.134/; sid:901001496; rev:1;) alert tcp $HOME_NET any -> [203.150.19.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.150.19.63/; sid:901001494; rev:1;) alert tcp $HOME_NET any -> [192.241.175.184] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.175.184/; sid:901001495; rev:1;) alert tcp $HOME_NET any -> [149.202.153.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.153.251/; sid:901001491; rev:1;) alert tcp $HOME_NET any -> [69.164.216.124] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.216.124/; sid:901001486; rev:1;) alert tcp $HOME_NET any -> [190.13.146.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.146.47/; sid:901001487; rev:1;) alert tcp $HOME_NET any -> [93.78.205.196] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.78.205.196/; sid:901001484; rev:1;) alert tcp $HOME_NET any -> [81.177.141.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.141.45/; sid:900622316; rev:1;) alert tcp $HOME_NET any -> [78.24.219.147] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.219.147/; sid:901001479; rev:1;) alert tcp $HOME_NET any -> [206.189.98.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.98.125/; sid:901001478; rev:1;) alert tcp $HOME_NET any -> [104.131.208.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.208.175/; sid:901001474; rev:1;) alert tcp $HOME_NET any -> [75.127.14.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.127.14.170/; sid:901001473; rev:1;) alert tcp $HOME_NET any -> [31.172.240.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.172.240.91/; sid:901001472; rev:1;) alert tcp $HOME_NET any -> [173.212.203.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.203.26/; sid:901001471; rev:1;) alert tcp $HOME_NET any -> [188.166.253.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.253.46/; sid:901001466; rev:1;) alert tcp $HOME_NET any -> [91.83.93.103] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.103/; sid:901001461; rev:1;) alert tcp $HOME_NET any -> [142.93.88.16] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.88.16/; sid:901001459; rev:1;) alert tcp $HOME_NET any -> [31.12.67.62] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.12.67.62/; sid:901001460; rev:1;) alert tcp $HOME_NET any -> [162.144.119.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.119.216/; sid:901001458; rev:1;) alert tcp $HOME_NET any -> [104.247.221.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.247.221.104/; sid:901001457; rev:1;) alert tcp $HOME_NET any -> [124.121.192.163] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.121.192.163/; sid:901001456; rev:1;) alert tcp $HOME_NET any -> [152.169.236.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.236.172/; sid:901001453; rev:1;) alert tcp $HOME_NET any -> [201.212.57.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.57.109/; sid:901001452; rev:1;) alert tcp $HOME_NET any -> [92.243.92.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.243.92.8/; sid:900622140; rev:1;) alert tcp $HOME_NET any -> [195.123.238.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.110/; sid:900622144; rev:1;) alert tcp $HOME_NET any -> [185.251.38.201] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.201/; sid:900622136; rev:1;) alert tcp $HOME_NET any -> [200.116.199.10] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.199.10/; sid:900622106; rev:1;) alert tcp $HOME_NET any -> [186.46.88.62] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.88.62/; sid:900622104; rev:1;) alert tcp $HOME_NET any -> [200.21.51.38] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.51.38/; sid:900622105; rev:1;) alert tcp $HOME_NET any -> [37.18.30.165] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.165/; sid:900622137; rev:1;) alert tcp $HOME_NET any -> [185.66.14.149] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.14.149/; sid:900622135; rev:1;) alert tcp $HOME_NET any -> [5.101.51.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.101.51.101/; sid:900622141; rev:1;) alert tcp $HOME_NET any -> [92.38.171.26] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.26/; sid:900622139; rev:1;) alert tcp $HOME_NET any -> [195.123.238.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.83/; sid:900622138; rev:1;) alert tcp $HOME_NET any -> [51.77.202.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.202.8/; sid:900622132; rev:1;) alert tcp $HOME_NET any -> [107.172.143.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.155/; sid:900622145; rev:1;) alert tcp $HOME_NET any -> [195.123.247.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.247.27/; sid:900622133; rev:1;) alert tcp $HOME_NET any -> [185.252.144.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.190/; sid:900622134; rev:1;) alert tcp $HOME_NET any -> [194.5.250.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.57/; sid:900622103; rev:1;) alert tcp $HOME_NET any -> [51.77.254.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.254.186/; sid:900622102; rev:1;) alert tcp $HOME_NET any -> [178.33.26.175] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.26.175/; sid:900622101; rev:1;) alert tcp $HOME_NET any -> [23.94.24.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.24.196/; sid:900622100; rev:1;) alert tcp $HOME_NET any -> [198.12.71.210] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.71.210/; sid:900622099; rev:1;) alert tcp $HOME_NET any -> [79.124.49.209] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.209/; sid:900622097; rev:1;) alert tcp $HOME_NET any -> [185.141.27.223] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.223/; sid:900622096; rev:1;) alert tcp $HOME_NET any -> [185.141.27.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.237/; sid:900622098; rev:1;) alert tcp $HOME_NET any -> [185.215.148.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.215.148.133/; sid:900622095; rev:1;) alert tcp $HOME_NET any -> [181.129.96.74] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.96.74/; sid:900622094; rev:1;) alert tcp $HOME_NET any -> [195.123.242.175] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.242.175/; sid:900622093; rev:1;) alert tcp $HOME_NET any -> [194.5.250.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.53/; sid:900622092; rev:1;) alert tcp $HOME_NET any -> [66.55.71.112] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.112/; sid:900622090; rev:1;) alert tcp $HOME_NET any -> [68.168.123.85] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.168.123.85/; sid:900622088; rev:1;) alert tcp $HOME_NET any -> [107.174.66.214] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.66.214/; sid:900622087; rev:1;) alert tcp $HOME_NET any -> [107.173.90.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.90.220/; sid:900622086; rev:1;) alert tcp $HOME_NET any -> [190.144.89.82] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.89.82/; sid:900622091; rev:1;) alert tcp $HOME_NET any -> [107.155.137.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.12/; sid:900622085; rev:1;) alert tcp $HOME_NET any -> [95.174.65.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.174.65.246/; sid:900622082; rev:1;) alert tcp $HOME_NET any -> [107.173.160.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.160.19/; sid:900622084; rev:1;) alert tcp $HOME_NET any -> [45.80.148.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.148.53/; sid:900622083; rev:1;) alert tcp $HOME_NET any -> [185.222.202.29] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.29/; sid:900622080; rev:1;) alert tcp $HOME_NET any -> [79.124.49.206] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.206/; sid:900622081; rev:1;) alert tcp $HOME_NET any -> [107.173.160.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.160.22/; sid:900622078; rev:1;) alert tcp $HOME_NET any -> [192.3.104.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.104.38/; sid:900622079; rev:1;) alert tcp $HOME_NET any -> [107.173.160.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.160.18/; sid:900622089; rev:1;) alert tcp $HOME_NET any -> [184.164.142.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.164.142.51/; sid:900622076; rev:1;) alert tcp $HOME_NET any -> [185.142.99.59] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.59/; sid:900622072; rev:1;) alert tcp $HOME_NET any -> [185.45.193.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.45.193.76/; sid:900622075; rev:1;) alert tcp $HOME_NET any -> [190.109.189.119] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.189.119/; sid:900622077; rev:1;) alert tcp $HOME_NET any -> [217.12.210.216] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.210.216/; sid:900622074; rev:1;) alert tcp $HOME_NET any -> [95.181.198.140] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.140/; sid:900622073; rev:1;) alert tcp $HOME_NET any -> [212.73.150.188] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.188/; sid:900622066; rev:1;) alert tcp $HOME_NET any -> [185.235.130.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.235.130.84/; sid:900622070; rev:1;) alert tcp $HOME_NET any -> [31.202.132.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.179/; sid:900622068; rev:1;) alert tcp $HOME_NET any -> [185.183.99.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.99.146/; sid:900622069; rev:1;) alert tcp $HOME_NET any -> [172.106.131.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.106.131.104/; sid:900622067; rev:1;) alert tcp $HOME_NET any -> [85.143.216.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.216.155/; sid:900622062; rev:1;) alert tcp $HOME_NET any -> [51.254.69.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.225/; sid:900622061; rev:1;) alert tcp $HOME_NET any -> [45.138.157.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.157.55/; sid:900622063; rev:1;) alert tcp $HOME_NET any -> [107.160.141.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.160.141.53/; sid:900622064; rev:1;) alert tcp $HOME_NET any -> [194.87.147.184] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.147.184/; sid:900622059; rev:1;) alert tcp $HOME_NET any -> [193.26.217.140] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.26.217.140/; sid:900622060; rev:1;) alert tcp $HOME_NET any -> [185.141.61.191] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.61.191/; sid:900622065; rev:1;) alert tcp $HOME_NET any -> [195.123.237.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.52/; sid:900622058; rev:1;) alert tcp $HOME_NET any -> [85.217.171.98] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.171.98/; sid:900622050; rev:1;) alert tcp $HOME_NET any -> [185.183.98.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.237/; sid:900622053; rev:1;) alert tcp $HOME_NET any -> [54.38.127.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.24/; sid:900622056; rev:1;) alert tcp $HOME_NET any -> [79.124.49.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.203/; sid:900622054; rev:1;) alert tcp $HOME_NET any -> [81.177.6.144] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.6.144/; sid:900622051; rev:1;) alert tcp $HOME_NET any -> [81.177.6.224] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.6.224/; sid:900622052; rev:1;) alert tcp $HOME_NET any -> [37.72.168.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.72.168.154/; sid:900622055; rev:1;) alert tcp $HOME_NET any -> [45.8.126.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.126.3/; sid:900622150; rev:1;) alert tcp $HOME_NET any -> [185.183.99.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.99.134/; sid:900622045; rev:1;) alert tcp $HOME_NET any -> [37.228.117.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.90/; sid:900622046; rev:1;) alert tcp $HOME_NET any -> [185.65.202.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.159/; sid:900622042; rev:1;) alert tcp $HOME_NET any -> [5.101.51.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.101.51.246/; sid:900622043; rev:1;) alert tcp $HOME_NET any -> [51.75.254.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.254.122/; sid:900622040; rev:1;) alert tcp $HOME_NET any -> [45.138.157.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.157.13/; sid:900622041; rev:1;) alert tcp $HOME_NET any -> [212.22.75.120] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.120/; sid:900622037; rev:1;) alert tcp $HOME_NET any -> [176.103.62.201] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.103.62.201/; sid:900622039; rev:1;) alert tcp $HOME_NET any -> [85.143.221.0] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.221.0/; sid:900622038; rev:1;) alert tcp $HOME_NET any -> [107.174.254.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.254.153/; sid:900622048; rev:1;) alert tcp $HOME_NET any -> [51.68.247.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.247.46/; sid:900622049; rev:1;) alert tcp $HOME_NET any -> [92.38.171.125] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.125/; sid:900622047; rev:1;) alert tcp $HOME_NET any -> [94.156.35.232] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.232/; sid:900622035; rev:1;) alert tcp $HOME_NET any -> [80.87.196.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.196.55/; sid:900622036; rev:1;) alert tcp $HOME_NET any -> [181.112.159.70] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.159.70/; sid:900622044; rev:1;) alert tcp $HOME_NET any -> [81.177.136.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.68/; sid:900622033; rev:1;) alert tcp $HOME_NET any -> [50.3.87.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.3.87.51/; sid:900621992; rev:1;) alert tcp $HOME_NET any -> [95.181.198.88] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.88/; sid:900621989; rev:1;) alert tcp $HOME_NET any -> [103.116.84.44] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.84.44/; sid:900622034; rev:1;) alert tcp $HOME_NET any -> [54.36.28.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.28.94/; sid:900621991; rev:1;) alert tcp $HOME_NET any -> [185.82.202.89] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.82.202.89/; sid:900621990; rev:1;) alert tcp $HOME_NET any -> [5.253.63.157] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.157/; sid:900621987; rev:1;) alert tcp $HOME_NET any -> [66.70.218.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.50/; sid:900621986; rev:1;) alert tcp $HOME_NET any -> [186.46.63.58] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.63.58/; sid:900622026; rev:1;) alert tcp $HOME_NET any -> [66.70.218.56] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.56/; sid:900621982; rev:1;) alert tcp $HOME_NET any -> [178.157.82.90] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.90/; sid:900621983; rev:1;) alert tcp $HOME_NET any -> [198.23.252.117] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.117/; sid:900621985; rev:1;) alert tcp $HOME_NET any -> [95.215.206.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.215.206.34/; sid:900621984; rev:1;) alert tcp $HOME_NET any -> [93.189.44.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.44.92/; sid:900622032; rev:1;) alert tcp $HOME_NET any -> [185.141.27.162] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.162/; sid:900621981; rev:1;) alert tcp $HOME_NET any -> [198.8.91.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.53/; sid:900621966; rev:1;) alert tcp $HOME_NET any -> [54.36.24.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.24.99/; sid:900622368; rev:1;) alert tcp $HOME_NET any -> [190.151.213.140] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.213.140/; sid:900622031; rev:1;) alert tcp $HOME_NET any -> [81.177.141.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.141.67/; sid:900621964; rev:1;) alert tcp $HOME_NET any -> [31.184.253.6] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.253.6/; sid:900621965; rev:1;) alert tcp $HOME_NET any -> [89.105.203.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.105.203.184/; sid:900621956; rev:1;) alert tcp $HOME_NET any -> [146.185.219.27] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.27/; sid:900621962; rev:1;) alert tcp $HOME_NET any -> [194.87.95.132] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.95.132/; sid:900621963; rev:1;) alert tcp $HOME_NET any -> [37.228.117.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.250/; sid:900621961; rev:1;) alert tcp $HOME_NET any -> [192.3.146.221] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.146.221/; sid:900621958; rev:1;) alert tcp $HOME_NET any -> [198.12.97.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.97.212/; sid:900621960; rev:1;) alert tcp $HOME_NET any -> [185.117.75.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.41/; sid:900621951; rev:1;) alert tcp $HOME_NET any -> [185.183.98.26] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.26/; sid:900621950; rev:1;) alert tcp $HOME_NET any -> [107.175.33.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.33.16/; sid:900621955; rev:1;) alert tcp $HOME_NET any -> [37.46.128.252] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.46.128.252/; sid:900621953; rev:1;) alert tcp $HOME_NET any -> [217.106.238.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.106.238.102/; sid:900621945; rev:1;) alert tcp $HOME_NET any -> [104.217.8.108] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.217.8.108/; sid:900621944; rev:1;) alert tcp $HOME_NET any -> [185.251.39.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.12/; sid:900621946; rev:1;) alert tcp $HOME_NET any -> [82.118.21.99] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.99/; sid:900621949; rev:1;) alert tcp $HOME_NET any -> [158.69.133.71] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.133.71/; sid:900621948; rev:1;) alert tcp $HOME_NET any -> [158.69.133.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.133.76/; sid:900621952; rev:1;) alert tcp $HOME_NET any -> [192.3.146.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.146.179/; sid:900621957; rev:1;) alert tcp $HOME_NET any -> [212.109.223.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.223.235/; sid:900621954; rev:1;) alert tcp $HOME_NET any -> [45.15.253.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.132/; sid:900621947; rev:1;) alert tcp $HOME_NET any -> [185.172.129.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.146/; sid:900621959; rev:1;) alert tcp $HOME_NET any -> [46.30.41.188] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.188/; sid:900621942; rev:1;) alert tcp $HOME_NET any -> [194.36.189.170] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.170/; sid:900621943; rev:1;) alert tcp $HOME_NET any -> [185.117.75.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.110/; sid:900621940; rev:1;) alert tcp $HOME_NET any -> [198.46.198.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.131/; sid:900621941; rev:1;) alert tcp $HOME_NET any -> [139.60.163.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.101/; sid:900621938; rev:1;) alert tcp $HOME_NET any -> [195.123.237.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.113/; sid:900621939; rev:1;) alert tcp $HOME_NET any -> [186.47.82.6] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.82.6/; sid:900622030; rev:1;) alert tcp $HOME_NET any -> [5.53.124.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.49/; sid:900621937; rev:1;) alert tcp $HOME_NET any -> [178.170.189.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.117/; sid:900621934; rev:1;) alert tcp $HOME_NET any -> [5.9.178.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.178.87/; sid:900621935; rev:1;) alert tcp $HOME_NET any -> [79.143.31.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.31.94/; sid:900621936; rev:1;) alert tcp $HOME_NET any -> [51.79.57.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.57.148/; sid:900621933; rev:1;) alert tcp $HOME_NET any -> [89.105.203.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.105.203.182/; sid:900621930; rev:1;) alert tcp $HOME_NET any -> [185.183.99.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.99.159/; sid:900621928; rev:1;) alert tcp $HOME_NET any -> [80.87.199.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.54/; sid:900621927; rev:1;) alert tcp $HOME_NET any -> [82.146.43.15] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.43.15/; sid:900621932; rev:1;) alert tcp $HOME_NET any -> [198.46.198.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.132/; sid:900621931; rev:1;) alert tcp $HOME_NET any -> [186.156.52.78] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.156.52.78/; sid:900622020; rev:1;) alert tcp $HOME_NET any -> [186.47.40.234] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.40.234/; sid:900622017; rev:1;) alert tcp $HOME_NET any -> [190.13.190.178] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.190.178/; sid:900622016; rev:1;) alert tcp $HOME_NET any -> [192.210.226.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.226.104/; sid:900621924; rev:1;) alert tcp $HOME_NET any -> [146.185.219.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.21/; sid:900621926; rev:1;) alert tcp $HOME_NET any -> [185.241.53.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.241.53.109/; sid:900621923; rev:1;) alert tcp $HOME_NET any -> [54.36.24.100] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.24.100/; sid:900621922; rev:1;) alert tcp $HOME_NET any -> [185.172.129.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.11/; sid:900621929; rev:1;) alert tcp $HOME_NET any -> [185.202.174.77] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.77/; sid:900621920; rev:1;) alert tcp $HOME_NET any -> [5.53.124.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.147/; sid:900621925; rev:1;) alert tcp $HOME_NET any -> [107.174.71.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.71.44/; sid:900621918; rev:1;) alert tcp $HOME_NET any -> [54.37.195.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.195.102/; sid:900621919; rev:1;) alert tcp $HOME_NET any -> [185.142.99.39] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.39/; sid:900621915; rev:1;) alert tcp $HOME_NET any -> [185.117.73.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.73.58/; sid:900621914; rev:1;) alert tcp $HOME_NET any -> [198.46.198.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.12/; sid:900621917; rev:1;) alert tcp $HOME_NET any -> [198.12.97.204] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.97.204/; sid:900621910; rev:1;) alert tcp $HOME_NET any -> [81.177.136.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.17/; sid:900621909; rev:1;) alert tcp $HOME_NET any -> [212.80.217.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.182/; sid:900621911; rev:1;) alert tcp $HOME_NET any -> [195.123.237.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.126/; sid:900621916; rev:1;) alert tcp $HOME_NET any -> [195.123.233.35] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.35/; sid:900621908; rev:1;) alert tcp $HOME_NET any -> [107.172.201.144] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.201.144/; sid:900621906; rev:1;) alert tcp $HOME_NET any -> [31.184.253.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.253.244/; sid:900621905; rev:1;) alert tcp $HOME_NET any -> [146.185.219.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.19/; sid:900622338; rev:1;) alert tcp $HOME_NET any -> [193.124.185.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.185.113/; sid:900621903; rev:1;) alert tcp $HOME_NET any -> [195.123.238.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.54/; sid:900621902; rev:1;) alert tcp $HOME_NET any -> [198.12.97.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.97.170/; sid:900621901; rev:1;) alert tcp $HOME_NET any -> [50.3.68.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.3.68.150/; sid:900621904; rev:1;) alert tcp $HOME_NET any -> [194.87.111.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.111.102/; sid:900621900; rev:1;) alert tcp $HOME_NET any -> [94.103.95.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.95.91/; sid:900621899; rev:1;) alert tcp $HOME_NET any -> [190.152.38.66] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.38.66/; sid:900622009; rev:1;) alert tcp $HOME_NET any -> [198.46.198.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.103/; sid:900621907; rev:1;) alert tcp $HOME_NET any -> [91.235.129.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.80/; sid:900621898; rev:1;) alert tcp $HOME_NET any -> [37.228.117.142] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.142/; sid:900621897; rev:1;) alert tcp $HOME_NET any -> [185.161.210.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.161.210.161/; sid:900621896; rev:1;) alert tcp $HOME_NET any -> [85.143.217.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.217.214/; sid:900621893; rev:1;) alert tcp $HOME_NET any -> [46.30.41.33] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.33/; sid:900621894; rev:1;) alert tcp $HOME_NET any -> [92.63.104.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.104.76/; sid:900621895; rev:1;) alert tcp $HOME_NET any -> [185.186.77.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.233/; sid:900621892; rev:1;) alert tcp $HOME_NET any -> [91.240.84.55] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.55/; sid:900621891; rev:1;) alert tcp $HOME_NET any -> [185.98.87.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.196/; sid:900621890; rev:1;) alert tcp $HOME_NET any -> [185.177.59.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.177.59.115/; sid:900621888; rev:1;) alert tcp $HOME_NET any -> [195.161.62.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.206/; sid:900621889; rev:1;) alert tcp $HOME_NET any -> [188.165.62.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.5/; sid:900621887; rev:1;) alert tcp $HOME_NET any -> [192.3.253.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.253.217/; sid:900621913; rev:1;) alert tcp $HOME_NET any -> [94.156.189.216] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.189.216/; sid:900621912; rev:1;) alert tcp $HOME_NET any -> [185.202.174.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.76/; sid:900621921; rev:1;) alert tcp $HOME_NET any -> [45.67.231.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.170/; sid:900621884; rev:1;) alert tcp $HOME_NET any -> [23.95.90.88] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.90.88/; sid:900621881; rev:1;) alert tcp $HOME_NET any -> [5.253.63.142] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.142/; sid:900621878; rev:1;) alert tcp $HOME_NET any -> [144.217.50.250] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.250/; sid:900621879; rev:1;) alert tcp $HOME_NET any -> [190.152.36.30] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.36.30/; sid:900622018; rev:1;) alert tcp $HOME_NET any -> [195.161.114.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.114.131/; sid:900621874; rev:1;) alert tcp $HOME_NET any -> [194.99.20.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.20.161/; sid:900621873; rev:1;) alert tcp $HOME_NET any -> [217.107.34.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.170/; sid:900621875; rev:1;) alert tcp $HOME_NET any -> [192.243.109.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.215/; sid:900621876; rev:1;) alert tcp $HOME_NET any -> [192.3.253.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.253.197/; sid:900621877; rev:1;) alert tcp $HOME_NET any -> [185.183.96.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.217/; sid:900621880; rev:1;) alert tcp $HOME_NET any -> [192.243.109.208] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.208/; sid:900621882; rev:1;) alert tcp $HOME_NET any -> [23.94.184.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.124/; sid:900621883; rev:1;) alert tcp $HOME_NET any -> [212.73.150.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.83/; sid:900621872; rev:1;) alert tcp $HOME_NET any -> [195.123.243.79] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.243.79/; sid:900621871; rev:1;) alert tcp $HOME_NET any -> [145.239.188.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.90/; sid:900621870; rev:1;) alert tcp $HOME_NET any -> [109.234.34.152] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.34.152/; sid:900621868; rev:1;) alert tcp $HOME_NET any -> [192.243.109.219] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.219/; sid:900621869; rev:1;) alert tcp $HOME_NET any -> [185.183.98.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.198/; sid:900621867; rev:1;) alert tcp $HOME_NET any -> [37.44.212.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.19/; sid:900621866; rev:1;) alert tcp $HOME_NET any -> [185.183.96.221] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.221/; sid:900621864; rev:1;) alert tcp $HOME_NET any -> [192.3.247.108] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.108/; sid:900621865; rev:1;) alert tcp $HOME_NET any -> [200.119.45.140] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.119.45.140/; sid:900621993; rev:1;) alert tcp $HOME_NET any -> [108.174.56.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.56.131/; sid:900621886; rev:1;) alert tcp $HOME_NET any -> [80.87.199.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.186/; sid:900621862; rev:1;) alert tcp $HOME_NET any -> [193.37.212.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.218/; sid:900621863; rev:1;) alert tcp $HOME_NET any -> [193.37.212.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.219/; sid:900621861; rev:1;) alert tcp $HOME_NET any -> [194.87.144.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.144.60/; sid:900621860; rev:1;) alert tcp $HOME_NET any -> [37.18.30.20] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.20/; sid:900621859; rev:1;) alert tcp $HOME_NET any -> [80.87.199.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.5/; sid:900621856; rev:1;) alert tcp $HOME_NET any -> [92.38.171.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.91/; sid:900621855; rev:1;) alert tcp $HOME_NET any -> [178.156.202.242] 2050 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.242/; sid:900621854; rev:1;) alert tcp $HOME_NET any -> [80.87.201.64] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.201.64/; sid:900621858; rev:1;) alert tcp $HOME_NET any -> [45.15.253.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.55/; sid:900621857; rev:1;) alert tcp $HOME_NET any -> [136.243.142.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.142.150/; sid:900621853; rev:1;) alert tcp $HOME_NET any -> [162.248.225.160] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.225.160/; sid:900621852; rev:1;) alert tcp $HOME_NET any -> [202.9.120.79] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.9.120.79/; sid:900622012; rev:1;) alert tcp $HOME_NET any -> [185.173.92.121] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.173.92.121/; sid:900621851; rev:1;) alert tcp $HOME_NET any -> [185.241.52.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.241.52.38/; sid:900621849; rev:1;) alert tcp $HOME_NET any -> [181.176.160.145] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.160.145/; sid:900622003; rev:1;) alert tcp $HOME_NET any -> [176.57.215.128] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.57.215.128/; sid:900621850; rev:1;) alert tcp $HOME_NET any -> [185.141.25.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.91/; sid:900621847; rev:1;) alert tcp $HOME_NET any -> [185.183.97.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.152/; sid:900621846; rev:1;) alert tcp $HOME_NET any -> [217.107.34.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.34/; sid:900621838; rev:1;) alert tcp $HOME_NET any -> [185.141.27.172] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.172/; sid:900621837; rev:1;) alert tcp $HOME_NET any -> [80.87.200.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.200.37/; sid:900621839; rev:1;) alert tcp $HOME_NET any -> [5.253.63.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.134/; sid:900621841; rev:1;) alert tcp $HOME_NET any -> [185.141.27.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.134/; sid:900621840; rev:1;) alert tcp $HOME_NET any -> [162.247.155.165] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.165/; sid:900621842; rev:1;) alert tcp $HOME_NET any -> [145.239.188.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.88/; sid:900621843; rev:1;) alert tcp $HOME_NET any -> [192.3.83.176] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.176/; sid:900621836; rev:1;) alert tcp $HOME_NET any -> [198.12.101.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.101.164/; sid:900621844; rev:1;) alert tcp $HOME_NET any -> [51.75.232.232] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.232.232/; sid:900621834; rev:1;) alert tcp $HOME_NET any -> [217.107.34.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.104/; sid:900621832; rev:1;) alert tcp $HOME_NET any -> [185.198.57.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.86/; sid:900621833; rev:1;) alert tcp $HOME_NET any -> [37.44.215.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.174/; sid:900621831; rev:1;) alert tcp $HOME_NET any -> [185.203.118.145] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.118.145/; sid:900621829; rev:1;) alert tcp $HOME_NET any -> [81.177.26.91] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.26.91/; sid:900621828; rev:1;) alert tcp $HOME_NET any -> [107.173.125.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.125.68/; sid:900621826; rev:1;) alert tcp $HOME_NET any -> [103.207.1.44] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.207.1.44/; sid:900622006; rev:1;) alert tcp $HOME_NET any -> [85.204.116.189] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.189/; sid:900621824; rev:1;) alert tcp $HOME_NET any -> [185.183.96.48] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.48/; sid:900621823; rev:1;) alert tcp $HOME_NET any -> [185.141.25.79] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.79/; sid:900621825; rev:1;) alert tcp $HOME_NET any -> [192.3.247.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.104/; sid:900621827; rev:1;) alert tcp $HOME_NET any -> [23.94.184.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.109/; sid:900621830; rev:1;) alert tcp $HOME_NET any -> [85.143.223.188] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.188/; sid:900621835; rev:1;) alert tcp $HOME_NET any -> [172.245.110.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.110.126/; sid:900621848; rev:1;) alert tcp $HOME_NET any -> [37.18.30.153] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.153/; sid:900621845; rev:1;) alert tcp $HOME_NET any -> [185.141.25.75] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.75/; sid:900621822; rev:1;) alert tcp $HOME_NET any -> [195.133.144.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.144.112/; sid:900621819; rev:1;) alert tcp $HOME_NET any -> [91.228.218.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.228.218.50/; sid:900621815; rev:1;) alert tcp $HOME_NET any -> [23.95.44.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.44.51/; sid:900621818; rev:1;) alert tcp $HOME_NET any -> [23.94.49.229] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.49.229/; sid:900621817; rev:1;) alert tcp $HOME_NET any -> [37.44.215.180] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.180/; sid:900621816; rev:1;) alert tcp $HOME_NET any -> [162.248.225.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.225.20/; sid:900621813; rev:1;) alert tcp $HOME_NET any -> [92.38.171.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.57/; sid:900621812; rev:1;) alert tcp $HOME_NET any -> [31.202.132.185] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.185/; sid:900621810; rev:1;) alert tcp $HOME_NET any -> [107.175.115.147] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.115.147/; sid:900621809; rev:1;) alert tcp $HOME_NET any -> [185.141.25.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.126/; sid:900621806; rev:1;) alert tcp $HOME_NET any -> [185.65.202.127] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.127/; sid:900621807; rev:1;) alert tcp $HOME_NET any -> [78.140.223.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.140.223.27/; sid:900621808; rev:1;) alert tcp $HOME_NET any -> [23.94.53.171] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.53.171/; sid:900621811; rev:1;) alert tcp $HOME_NET any -> [195.123.238.9] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.9/; sid:900621821; rev:1;) alert tcp $HOME_NET any -> [94.156.35.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.190/; sid:900621804; rev:1;) alert tcp $HOME_NET any -> [195.123.245.16] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.16/; sid:900621802; rev:1;) alert tcp $HOME_NET any -> [192.243.108.105] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.105/; sid:900621803; rev:1;) alert tcp $HOME_NET any -> [23.94.137.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.229/; sid:900621801; rev:1;) alert tcp $HOME_NET any -> [192.3.61.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.61.236/; sid:900621800; rev:1;) alert tcp $HOME_NET any -> [85.204.116.192] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.192/; sid:900621799; rev:1;) alert tcp $HOME_NET any -> [45.237.240.178] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.237.240.178/; sid:900622005; rev:1;) alert tcp $HOME_NET any -> [178.157.82.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.60/; sid:900621798; rev:1;) alert tcp $HOME_NET any -> [185.61.148.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.203/; sid:900621796; rev:1;) alert tcp $HOME_NET any -> [178.157.82.177] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.177/; sid:900621793; rev:1;) alert tcp $HOME_NET any -> [23.94.137.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.10/; sid:900621791; rev:1;) alert tcp $HOME_NET any -> [185.98.87.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.113/; sid:900621781; rev:1;) alert tcp $HOME_NET any -> [80.87.199.224] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.224/; sid:900621773; rev:1;) alert tcp $HOME_NET any -> [194.32.77.81] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.32.77.81/; sid:900621774; rev:1;) alert tcp $HOME_NET any -> [185.135.81.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.81.95/; sid:900621775; rev:1;) alert tcp $HOME_NET any -> [45.15.253.61] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.61/; sid:900621778; rev:1;) alert tcp $HOME_NET any -> [5.196.195.6] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.195.6/; sid:900621779; rev:1;) alert tcp $HOME_NET any -> [37.44.212.120] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.120/; sid:900621782; rev:1;) alert tcp $HOME_NET any -> [92.119.114.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.119.114.186/; sid:900621783; rev:1;) alert tcp $HOME_NET any -> [185.206.145.100] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.145.100/; sid:900621784; rev:1;) alert tcp $HOME_NET any -> [192.243.103.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.103.153/; sid:900621787; rev:1;) alert tcp $HOME_NET any -> [185.61.148.65] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.65/; sid:900621780; rev:1;) alert tcp $HOME_NET any -> [85.143.218.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.104/; sid:900621776; rev:1;) alert tcp $HOME_NET any -> [51.254.69.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.233/; sid:900621777; rev:1;) alert tcp $HOME_NET any -> [192.3.83.168] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.168/; sid:900621797; rev:1;) alert tcp $HOME_NET any -> [185.206.146.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.146.178/; sid:900621762; rev:1;) alert tcp $HOME_NET any -> [185.65.202.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.102/; sid:900621771; rev:1;) alert tcp $HOME_NET any -> [185.141.25.116] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.116/; sid:900621788; rev:1;) alert tcp $HOME_NET any -> [185.205.210.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.205.210.58/; sid:900621792; rev:1;) alert tcp $HOME_NET any -> [193.37.212.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.249/; sid:900621768; rev:1;) alert tcp $HOME_NET any -> [185.186.77.248] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.248/; sid:900621767; rev:1;) alert tcp $HOME_NET any -> [45.8.229.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.229.113/; sid:900621763; rev:1;) alert tcp $HOME_NET any -> [82.118.22.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.22.87/; sid:900621764; rev:1;) alert tcp $HOME_NET any -> [107.173.140.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.140.104/; sid:900621795; rev:1;) alert tcp $HOME_NET any -> [193.37.213.39] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.213.39/; sid:900621794; rev:1;) alert tcp $HOME_NET any -> [192.243.108.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.102/; sid:900621772; rev:1;) alert tcp $HOME_NET any -> [85.204.116.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.151/; sid:900621761; rev:1;) alert tcp $HOME_NET any -> [108.174.56.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.56.159/; sid:900621790; rev:1;) alert tcp $HOME_NET any -> [31.202.132.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.95/; sid:900621789; rev:1;) alert tcp $HOME_NET any -> [185.183.97.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.141/; sid:900621766; rev:1;) alert tcp $HOME_NET any -> [107.173.34.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.34.151/; sid:900621786; rev:1;) alert tcp $HOME_NET any -> [107.172.248.98] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.248.98/; sid:900621785; rev:1;) alert tcp $HOME_NET any -> [23.94.96.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.96.203/; sid:900621765; rev:1;) alert tcp $HOME_NET any -> [192.210.132.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.132.15/; sid:900621760; rev:1;) alert tcp $HOME_NET any -> [195.123.213.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.213.36/; sid:900621769; rev:1;) alert tcp $HOME_NET any -> [185.246.67.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.67.198/; sid:900621770; rev:1;) alert tcp $HOME_NET any -> [77.244.219.49] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.244.219.49/; sid:900621742; rev:1;) alert tcp $HOME_NET any -> [185.251.39.73] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.73/; sid:900621758; rev:1;) alert tcp $HOME_NET any -> [192.243.102.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.102.102/; sid:900621759; rev:1;) alert tcp $HOME_NET any -> [45.12.215.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.12.215.57/; sid:900621745; rev:1;) alert tcp $HOME_NET any -> [185.198.57.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.110/; sid:900621747; rev:1;) alert tcp $HOME_NET any -> [5.253.63.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.112/; sid:900621746; rev:1;) alert tcp $HOME_NET any -> [185.246.67.63] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.67.63/; sid:900621736; rev:1;) alert tcp $HOME_NET any -> [103.75.118.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.118.230/; sid:900621738; rev:1;) alert tcp $HOME_NET any -> [185.180.197.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.197.38/; sid:900621737; rev:1;) alert tcp $HOME_NET any -> [202.4.169.178] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.4.169.178/; sid:900622162; rev:1;) alert tcp $HOME_NET any -> [178.170.189.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.45/; sid:900621735; rev:1;) alert tcp $HOME_NET any -> [37.44.212.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.173/; sid:900621733; rev:1;) alert tcp $HOME_NET any -> [185.90.61.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.80/; sid:900621730; rev:1;) alert tcp $HOME_NET any -> [2.59.40.240] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.59.40.240/; sid:900621731; rev:1;) alert tcp $HOME_NET any -> [185.86.149.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.149.110/; sid:900621728; rev:1;) alert tcp $HOME_NET any -> [107.173.42.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.42.177/; sid:900621729; rev:1;) alert tcp $HOME_NET any -> [185.61.149.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.162/; sid:900621727; rev:1;) alert tcp $HOME_NET any -> [192.243.108.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.230/; sid:900621726; rev:1;) alert tcp $HOME_NET any -> [185.202.174.72] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.72/; sid:900621722; rev:1;) alert tcp $HOME_NET any -> [194.67.217.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.67.217.125/; sid:900621718; rev:1;) alert tcp $HOME_NET any -> [82.118.21.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.133/; sid:900621719; rev:1;) alert tcp $HOME_NET any -> [144.217.12.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.12.34/; sid:900621724; rev:1;) alert tcp $HOME_NET any -> [146.185.219.56] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.56/; sid:900621716; rev:1;) alert tcp $HOME_NET any -> [46.30.41.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.155/; sid:900621717; rev:1;) alert tcp $HOME_NET any -> [185.244.149.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.74/; sid:900621720; rev:1;) alert tcp $HOME_NET any -> [193.37.212.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.106/; sid:900621721; rev:1;) alert tcp $HOME_NET any -> [107.172.143.241] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.241/; sid:900621723; rev:1;) alert tcp $HOME_NET any -> [185.251.38.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.238/; sid:900621725; rev:1;) alert tcp $HOME_NET any -> [195.123.246.69] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.69/; sid:900621749; rev:1;) alert tcp $HOME_NET any -> [172.245.19.134] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.19.134/; sid:900621714; rev:1;) alert tcp $HOME_NET any -> [131.161.105.206] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.161.105.206/; sid:900621978; rev:1;) alert tcp $HOME_NET any -> [185.117.75.101] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.101/; sid:900621743; rev:1;) alert tcp $HOME_NET any -> [139.60.163.40] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.40/; sid:900621739; rev:1;) alert tcp $HOME_NET any -> [93.189.47.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.47.93/; sid:900621750; rev:1;) alert tcp $HOME_NET any -> [149.202.225.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.164/; sid:900621713; rev:1;) alert tcp $HOME_NET any -> [81.177.136.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.36/; sid:900621734; rev:1;) alert tcp $HOME_NET any -> [192.227.232.26] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.26/; sid:900621732; rev:1;) alert tcp $HOME_NET any -> [82.118.21.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.139/; sid:900621715; rev:1;) alert tcp $HOME_NET any -> [23.94.93.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.93.104/; sid:900621748; rev:1;) alert tcp $HOME_NET any -> [146.185.219.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.69/; sid:900621751; rev:1;) alert tcp $HOME_NET any -> [178.156.202.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.69/; sid:900621752; rev:1;) alert tcp $HOME_NET any -> [103.117.172.206] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.117.172.206/; sid:900622028; rev:1;) alert tcp $HOME_NET any -> [192.144.7.42] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.144.7.42/; sid:900621753; rev:1;) alert tcp $HOME_NET any -> [178.156.202.151] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.151/; sid:900621712; rev:1;) alert tcp $HOME_NET any -> [137.74.211.228] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.211.228/; sid:900621710; rev:1;) alert tcp $HOME_NET any -> [89.32.41.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.164/; sid:900621707; rev:1;) alert tcp $HOME_NET any -> [85.204.116.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.131/; sid:900621706; rev:1;) alert tcp $HOME_NET any -> [104.194.215.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.118/; sid:900621705; rev:1;) alert tcp $HOME_NET any -> [45.67.228.231] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.228.231/; sid:900621701; rev:1;) alert tcp $HOME_NET any -> [103.84.238.3] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.84.238.3/; sid:900622001; rev:1;) alert tcp $HOME_NET any -> [85.143.223.89] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.89/; sid:900621698; rev:1;) alert tcp $HOME_NET any -> [94.156.189.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.189.197/; sid:900621699; rev:1;) alert tcp $HOME_NET any -> [5.253.63.119] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.119/; sid:900621700; rev:1;) alert tcp $HOME_NET any -> [45.15.253.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.27/; sid:900621696; rev:1;) alert tcp $HOME_NET any -> [85.204.116.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.132/; sid:900621695; rev:1;) alert tcp $HOME_NET any -> [136.243.142.131] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.142.131/; sid:900621692; rev:1;) alert tcp $HOME_NET any -> [195.123.226.124] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.226.124/; sid:900621693; rev:1;) alert tcp $HOME_NET any -> [31.202.132.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.159/; sid:900621694; rev:1;) alert tcp $HOME_NET any -> [93.189.44.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.44.235/; sid:900621690; rev:1;) alert tcp $HOME_NET any -> [185.224.132.65] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.224.132.65/; sid:900621708; rev:1;) alert tcp $HOME_NET any -> [139.60.163.39] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.39/; sid:900621709; rev:1;) alert tcp $HOME_NET any -> [107.172.141.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.141.10/; sid:900621688; rev:1;) alert tcp $HOME_NET any -> [168.235.102.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.102.16/; sid:900621711; rev:1;) alert tcp $HOME_NET any -> [104.194.215.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.161/; sid:900621691; rev:1;) alert tcp $HOME_NET any -> [192.243.101.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.101.211/; sid:900621702; rev:1;) alert tcp $HOME_NET any -> [23.94.93.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.93.106/; sid:900621704; rev:1;) alert tcp $HOME_NET any -> [85.204.116.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.138/; sid:900621703; rev:1;) alert tcp $HOME_NET any -> [185.43.6.250] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.6.250/; sid:900621697; rev:1;) alert tcp $HOME_NET any -> [81.177.140.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.140.60/; sid:900621689; rev:1;) alert tcp $HOME_NET any -> [217.107.34.77] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.77/; sid:900621683; rev:1;) alert tcp $HOME_NET any -> [195.123.246.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.2/; sid:900621678; rev:1;) alert tcp $HOME_NET any -> [195.123.238.188] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.188/; sid:900621675; rev:1;) alert tcp $HOME_NET any -> [195.133.196.102] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.196.102/; sid:900621668; rev:1;) alert tcp $HOME_NET any -> [89.105.203.180] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.105.203.180/; sid:900621665; rev:1;) alert tcp $HOME_NET any -> [23.94.137.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.223/; sid:900621662; rev:1;) alert tcp $HOME_NET any -> [194.36.191.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.191.21/; sid:900621660; rev:1;) alert tcp $HOME_NET any -> [195.123.246.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.41/; sid:900621664; rev:1;) alert tcp $HOME_NET any -> [104.194.215.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.57/; sid:900621663; rev:1;) alert tcp $HOME_NET any -> [80.87.193.47] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.193.47/; sid:900621661; rev:1;) alert tcp $HOME_NET any -> [107.175.62.231] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.62.231/; sid:900621658; rev:1;) alert tcp $HOME_NET any -> [185.141.25.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.101/; sid:900621670; rev:1;) alert tcp $HOME_NET any -> [192.99.255.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.255.37/; sid:900621754; rev:1;) alert tcp $HOME_NET any -> [185.183.97.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.133/; sid:900621755; rev:1;) alert tcp $HOME_NET any -> [185.252.144.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.213/; sid:900621659; rev:1;) alert tcp $HOME_NET any -> [168.235.81.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.81.133/; sid:900621673; rev:1;) alert tcp $HOME_NET any -> [185.141.26.80] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.26.80/; sid:900621657; rev:1;) alert tcp $HOME_NET any -> [193.124.176.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.176.170/; sid:900621671; rev:1;) alert tcp $HOME_NET any -> [195.123.212.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.212.230/; sid:900621676; rev:1;) alert tcp $HOME_NET any -> [195.123.233.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.162/; sid:900621677; rev:1;) alert tcp $HOME_NET any -> [185.62.103.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.103.137/; sid:900621680; rev:1;) alert tcp $HOME_NET any -> [107.173.141.227] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.141.227/; sid:900621682; rev:1;) alert tcp $HOME_NET any -> [195.133.144.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.144.87/; sid:900621679; rev:1;) alert tcp $HOME_NET any -> [91.240.84.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.110/; sid:900621672; rev:1;) alert tcp $HOME_NET any -> [93.95.97.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.97.68/; sid:900621669; rev:1;) alert tcp $HOME_NET any -> [51.83.52.180] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.52.180/; sid:900621686; rev:1;) alert tcp $HOME_NET any -> [125.99.253.34] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.253.34/; sid:900621994; rev:1;) alert tcp $HOME_NET any -> [162.244.32.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.226/; sid:900621687; rev:1;) alert tcp $HOME_NET any -> [192.227.204.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.204.230/; sid:900621667; rev:1;) alert tcp $HOME_NET any -> [92.38.171.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.12/; sid:900621666; rev:1;) alert tcp $HOME_NET any -> [92.38.171.20] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.20/; sid:900621674; rev:1;) alert tcp $HOME_NET any -> [185.172.129.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.150/; sid:900621685; rev:1;) alert tcp $HOME_NET any -> [212.80.216.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.202/; sid:900621684; rev:1;) alert tcp $HOME_NET any -> [162.244.32.130] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.130/; sid:900621744; rev:1;) alert tcp $HOME_NET any -> [194.36.191.23] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.191.23/; sid:900621740; rev:1;) alert tcp $HOME_NET any -> [212.109.223.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.223.12/; sid:900621741; rev:1;) alert tcp $HOME_NET any -> [82.202.194.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.194.182/; sid:900621653; rev:1;) alert tcp $HOME_NET any -> [95.181.198.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.173/; sid:900621651; rev:1;) alert tcp $HOME_NET any -> [23.94.137.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.179/; sid:900621650; rev:1;) alert tcp $HOME_NET any -> [195.123.238.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.152/; sid:900621649; rev:1;) alert tcp $HOME_NET any -> [213.226.68.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.68.75/; sid:900621652; rev:1;) alert tcp $HOME_NET any -> [185.242.84.174] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.84.174/; sid:900621648; rev:1;) alert tcp $HOME_NET any -> [94.103.94.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.103/; sid:900621654; rev:1;) alert tcp $HOME_NET any -> [185.244.149.216] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.216/; sid:900621655; rev:1;) alert tcp $HOME_NET any -> [206.217.143.91] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.217.143.91/; sid:900621645; rev:1;) alert tcp $HOME_NET any -> [23.94.184.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.45/; sid:900621647; rev:1;) alert tcp $HOME_NET any -> [107.191.109.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.191.109.143/; sid:900621646; rev:1;) alert tcp $HOME_NET any -> [89.32.41.127] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.127/; sid:900621644; rev:1;) alert tcp $HOME_NET any -> [66.70.218.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.38/; sid:900621643; rev:1;) alert tcp $HOME_NET any -> [82.118.21.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.91/; sid:900621642; rev:1;) alert tcp $HOME_NET any -> [151.80.88.253] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.88.253/; sid:900621630; rev:1;) alert tcp $HOME_NET any -> [185.180.198.148] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.148/; sid:900621621; rev:1;) alert tcp $HOME_NET any -> [195.161.62.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.25/; sid:900621631; rev:1;) alert tcp $HOME_NET any -> [195.161.114.191] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.114.191/; sid:900621628; rev:1;) alert tcp $HOME_NET any -> [185.246.64.77] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.64.77/; sid:900621622; rev:1;) alert tcp $HOME_NET any -> [162.247.155.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.131/; sid:900621623; rev:1;) alert tcp $HOME_NET any -> [198.46.190.37] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.190.37/; sid:900621624; rev:1;) alert tcp $HOME_NET any -> [91.240.85.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.85.141/; sid:900621626; rev:1;) alert tcp $HOME_NET any -> [45.67.228.192] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.228.192/; sid:900621625; rev:1;) alert tcp $HOME_NET any -> [93.189.42.220] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.220/; sid:900621627; rev:1;) alert tcp $HOME_NET any -> [37.44.215.169] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.169/; sid:900621632; rev:1;) alert tcp $HOME_NET any -> [149.202.225.160] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.160/; sid:900621633; rev:1;) alert tcp $HOME_NET any -> [107.175.69.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.69.34/; sid:900621614; rev:1;) alert tcp $HOME_NET any -> [188.246.227.208] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.246.227.208/; sid:900621610; rev:1;) alert tcp $HOME_NET any -> [23.95.242.213] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.242.213/; sid:900621608; rev:1;) alert tcp $HOME_NET any -> [78.155.206.85] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.85/; sid:900621605; rev:1;) alert tcp $HOME_NET any -> [195.123.227.224] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.227.224/; sid:900621599; rev:1;) alert tcp $HOME_NET any -> [37.18.30.99] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.99/; sid:900621600; rev:1;) alert tcp $HOME_NET any -> [164.132.216.41] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.41/; sid:900621601; rev:1;) alert tcp $HOME_NET any -> [198.12.71.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.71.138/; sid:900621597; rev:1;) alert tcp $HOME_NET any -> [37.18.30.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.55/; sid:900621603; rev:1;) alert tcp $HOME_NET any -> [185.61.148.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.207/; sid:900621606; rev:1;) alert tcp $HOME_NET any -> [185.90.61.7] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.7/; sid:900621607; rev:1;) alert tcp $HOME_NET any -> [37.44.212.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.182/; sid:900621611; rev:1;) alert tcp $HOME_NET any -> [185.172.129.109] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.109/; sid:900621596; rev:1;) alert tcp $HOME_NET any -> [37.44.215.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.106/; sid:900621609; rev:1;) alert tcp $HOME_NET any -> [191.101.251.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.101.251.146/; sid:900621615; rev:1;) alert tcp $HOME_NET any -> [198.12.71.171] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.71.171/; sid:900621595; rev:1;) alert tcp $HOME_NET any -> [5.196.247.4] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.247.4/; sid:900621598; rev:1;) alert tcp $HOME_NET any -> [37.44.215.156] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.156/; sid:900621616; rev:1;) alert tcp $HOME_NET any -> [5.253.63.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.106/; sid:900621629; rev:1;) alert tcp $HOME_NET any -> [91.235.129.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.166/; sid:900621602; rev:1;) alert tcp $HOME_NET any -> [89.32.41.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.126/; sid:900621637; rev:1;) alert tcp $HOME_NET any -> [185.252.144.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.55/; sid:900621619; rev:1;) alert tcp $HOME_NET any -> [91.235.129.119] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.119/; sid:900621620; rev:1;) alert tcp $HOME_NET any -> [91.240.85.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.85.19/; sid:900621613; rev:1;) alert tcp $HOME_NET any -> [23.95.9.156] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.9.156/; sid:900621635; rev:1;) alert tcp $HOME_NET any -> [185.43.6.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.6.87/; sid:900621617; rev:1;) alert tcp $HOME_NET any -> [78.155.207.191] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.207.191/; sid:900621640; rev:1;) alert tcp $HOME_NET any -> [146.185.219.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.45/; sid:900621618; rev:1;) alert tcp $HOME_NET any -> [23.95.9.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.9.122/; sid:900621641; rev:1;) alert tcp $HOME_NET any -> [193.37.212.81] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.81/; sid:900621757; rev:1;) alert tcp $HOME_NET any -> [172.245.241.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.241.25/; sid:900621656; rev:1;) alert tcp $HOME_NET any -> [168.227.229.112] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.227.229.112/; sid:900622021; rev:1;) alert tcp $HOME_NET any -> [107.172.2.128] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.2.128/; sid:900621634; rev:1;) alert tcp $HOME_NET any -> [45.15.253.25] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.25/; sid:900621638; rev:1;) alert tcp $HOME_NET any -> [185.86.151.23] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.23/; sid:900621591; rev:1;) alert tcp $HOME_NET any -> [192.243.108.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.137/; sid:900621612; rev:1;) alert tcp $HOME_NET any -> [94.140.125.143] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.125.143/; sid:900621590; rev:1;) alert tcp $HOME_NET any -> [195.123.213.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.213.186/; sid:900621756; rev:1;) alert tcp $HOME_NET any -> [85.119.150.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.119.150.159/; sid:900621639; rev:1;) alert tcp $HOME_NET any -> [89.32.41.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.122/; sid:900621636; rev:1;) alert tcp $HOME_NET any -> [37.44.215.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.107/; sid:900621592; rev:1;) alert tcp $HOME_NET any -> [185.82.200.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.82.200.7/; sid:900621594; rev:1;) alert tcp $HOME_NET any -> [37.44.212.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.86/; sid:900621589; rev:1;) alert tcp $HOME_NET any -> [185.86.151.115] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.115/; sid:900621587; rev:1;) alert tcp $HOME_NET any -> [37.44.212.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.196/; sid:900621588; rev:1;) alert tcp $HOME_NET any -> [37.44.212.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.203/; sid:900621586; rev:1;) alert tcp $HOME_NET any -> [31.184.255.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.255.100/; sid:900621580; rev:1;) alert tcp $HOME_NET any -> [85.204.116.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.41/; sid:900621585; rev:1;) alert tcp $HOME_NET any -> [139.60.163.38] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.38/; sid:900621579; rev:1;) alert tcp $HOME_NET any -> [131.196.184.141] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.196.184.141/; sid:900622025; rev:1;) alert tcp $HOME_NET any -> [195.123.233.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.99/; sid:900621581; rev:1;) alert tcp $HOME_NET any -> [185.172.129.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.147/; sid:900621584; rev:1;) alert tcp $HOME_NET any -> [164.132.216.63] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.63/; sid:900621577; rev:1;) alert tcp $HOME_NET any -> [191.101.251.141] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.101.251.141/; sid:900621583; rev:1;) alert tcp $HOME_NET any -> [185.117.73.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.73.76/; sid:900621576; rev:1;) alert tcp $HOME_NET any -> [185.135.81.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.81.147/; sid:900621582; rev:1;) alert tcp $HOME_NET any -> [85.204.116.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.45/; sid:900621575; rev:1;) alert tcp $HOME_NET any -> [85.204.116.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.94/; sid:900621573; rev:1;) alert tcp $HOME_NET any -> [51.75.58.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.58.173/; sid:900621567; rev:1;) alert tcp $HOME_NET any -> [107.181.175.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.69/; sid:900621569; rev:1;) alert tcp $HOME_NET any -> [85.204.116.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.95/; sid:900621574; rev:1;) alert tcp $HOME_NET any -> [185.244.219.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.219.46/; sid:900621570; rev:1;) alert tcp $HOME_NET any -> [194.87.103.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.103.190/; sid:900621572; rev:1;) alert tcp $HOME_NET any -> [185.66.14.248] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.14.248/; sid:900621566; rev:1;) alert tcp $HOME_NET any -> [195.123.246.177] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.177/; sid:900621564; rev:1;) alert tcp $HOME_NET any -> [185.66.15.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.15.10/; sid:900621565; rev:1;) alert tcp $HOME_NET any -> [176.119.158.184] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.119.158.184/; sid:900621563; rev:1;) alert tcp $HOME_NET any -> [109.234.35.127] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.35.127/; sid:900621562; rev:1;) alert tcp $HOME_NET any -> [213.226.68.117] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.68.117/; sid:900621560; rev:1;) alert tcp $HOME_NET any -> [195.123.237.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.186/; sid:900621561; rev:1;) alert tcp $HOME_NET any -> [185.175.156.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.175.156.13/; sid:900621578; rev:1;) alert tcp $HOME_NET any -> [91.235.129.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.167/; sid:900621558; rev:1;) alert tcp $HOME_NET any -> [5.188.168.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.61/; sid:900621557; rev:1;) alert tcp $HOME_NET any -> [185.224.134.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.224.134.124/; sid:900621556; rev:1;) alert tcp $HOME_NET any -> [185.251.38.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.244/; sid:900621555; rev:1;) alert tcp $HOME_NET any -> [82.202.221.160] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.221.160/; sid:900621554; rev:1;) alert tcp $HOME_NET any -> [85.143.219.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.53/; sid:900621553; rev:1;) alert tcp $HOME_NET any -> [107.181.175.44] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.44/; sid:900621551; rev:1;) alert tcp $HOME_NET any -> [5.189.224.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.224.172/; sid:900621550; rev:1;) alert tcp $HOME_NET any -> [142.44.157.144] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.157.144/; sid:900621549; rev:1;) alert tcp $HOME_NET any -> [37.18.30.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.179/; sid:900621546; rev:1;) alert tcp $HOME_NET any -> [195.123.240.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.126/; sid:900621548; rev:1;) alert tcp $HOME_NET any -> [146.185.219.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.31/; sid:900621547; rev:1;) alert tcp $HOME_NET any -> [212.22.77.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.77.5/; sid:900621559; rev:1;) alert tcp $HOME_NET any -> [5.188.41.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.41.101/; sid:900621552; rev:1;) alert tcp $HOME_NET any -> [95.181.179.96] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.179.96/; sid:900621539; rev:1;) alert tcp $HOME_NET any -> [195.123.240.148] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.148/; sid:900621540; rev:1;) alert tcp $HOME_NET any -> [93.95.97.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.97.209/; sid:900621544; rev:1;) alert tcp $HOME_NET any -> [91.240.84.166] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.166/; sid:900621545; rev:1;) alert tcp $HOME_NET any -> [188.68.210.159] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.210.159/; sid:900621542; rev:1;) alert tcp $HOME_NET any -> [213.226.71.157] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.71.157/; sid:900621541; rev:1;) alert tcp $HOME_NET any -> [95.46.8.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.46.8.206/; sid:900621543; rev:1;) alert tcp $HOME_NET any -> [45.8.229.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.229.101/; sid:900621538; rev:1;) alert tcp $HOME_NET any -> [162.244.32.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.139/; sid:900621537; rev:1;) alert tcp $HOME_NET any -> [78.155.206.28] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.28/; sid:900621535; rev:1;) alert tcp $HOME_NET any -> [66.70.218.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.60/; sid:900621536; rev:1;) alert tcp $HOME_NET any -> [185.86.151.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.123/; sid:900621534; rev:1;) alert tcp $HOME_NET any -> [37.44.215.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.80/; sid:900621533; rev:1;) alert tcp $HOME_NET any -> [144.217.50.240] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.240/; sid:900621530; rev:1;) alert tcp $HOME_NET any -> [185.255.79.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.167/; sid:900621529; rev:1;) alert tcp $HOME_NET any -> [144.217.50.241] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.241/; sid:900621528; rev:1;) alert tcp $HOME_NET any -> [190.13.160.19] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.160.19/; sid:900621995; rev:1;) alert tcp $HOME_NET any -> [190.152.4.210] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.4.210/; sid:900622013; rev:1;) alert tcp $HOME_NET any -> [85.204.116.215] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.215/; sid:900621526; rev:1;) alert tcp $HOME_NET any -> [144.217.50.243] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.243/; sid:900621527; rev:1;) alert tcp $HOME_NET any -> [107.173.104.136] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.104.136/; sid:900621532; rev:1;) alert tcp $HOME_NET any -> [195.123.246.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.67/; sid:900621531; rev:1;) alert tcp $HOME_NET any -> [107.173.57.251] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.251/; sid:900621525; rev:1;) alert tcp $HOME_NET any -> [37.18.30.80] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.80/; sid:900621520; rev:1;) alert tcp $HOME_NET any -> [54.38.127.26] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.26/; sid:900621519; rev:1;) alert tcp $HOME_NET any -> [5.188.168.36] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.36/; sid:900621518; rev:1;) alert tcp $HOME_NET any -> [85.143.217.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.217.57/; sid:900621517; rev:1;) alert tcp $HOME_NET any -> [185.61.148.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.53/; sid:900621521; rev:1;) alert tcp $HOME_NET any -> [85.204.116.217] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.217/; sid:900621522; rev:1;) alert tcp $HOME_NET any -> [164.132.216.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.50/; sid:900621512; rev:1;) alert tcp $HOME_NET any -> [94.250.254.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.254.247/; sid:900621513; rev:1;) alert tcp $HOME_NET any -> [109.94.110.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.94.110.137/; sid:900621514; rev:1;) alert tcp $HOME_NET any -> [194.36.189.243] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.243/; sid:900621516; rev:1;) alert tcp $HOME_NET any -> [46.105.33.163] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.33.163/; sid:900621515; rev:1;) alert tcp $HOME_NET any -> [79.137.119.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.119.212/; sid:900621523; rev:1;) alert tcp $HOME_NET any -> [170.238.117.187] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.238.117.187/; sid:900621980; rev:1;) alert tcp $HOME_NET any -> [185.161.211.185] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.161.211.185/; sid:900621524; rev:1;) alert tcp $HOME_NET any -> [37.230.116.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.230.116.113/; sid:900621511; rev:1;) alert tcp $HOME_NET any -> [82.202.194.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.194.179/; sid:900621510; rev:1;) alert tcp $HOME_NET any -> [85.204.116.172] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.172/; sid:900621508; rev:1;) alert tcp $HOME_NET any -> [94.140.116.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.116.225/; sid:900621509; rev:1;) alert tcp $HOME_NET any -> [109.234.37.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.37.139/; sid:900621506; rev:1;) alert tcp $HOME_NET any -> [54.38.127.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.27/; sid:900621507; rev:1;) alert tcp $HOME_NET any -> [185.255.79.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.58/; sid:900621505; rev:1;) alert tcp $HOME_NET any -> [85.204.116.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.101/; sid:900621503; rev:1;) alert tcp $HOME_NET any -> [91.235.129.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.88/; sid:900621504; rev:1;) alert tcp $HOME_NET any -> [5.188.168.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.29/; sid:900621502; rev:1;) alert tcp $HOME_NET any -> [176.113.80.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.113.80.103/; sid:900621500; rev:1;) alert tcp $HOME_NET any -> [195.123.245.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.101/; sid:900621499; rev:1;) alert tcp $HOME_NET any -> [217.107.34.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.29/; sid:900621495; rev:1;) alert tcp $HOME_NET any -> [188.68.209.25] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.209.25/; sid:900621496; rev:1;) alert tcp $HOME_NET any -> [82.118.21.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.226/; sid:900621498; rev:1;) alert tcp $HOME_NET any -> [82.118.21.209] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.209/; sid:900621497; rev:1;) alert tcp $HOME_NET any -> [85.204.116.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.170/; sid:900621501; rev:1;) alert tcp $HOME_NET any -> [79.141.166.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.141.166.54/; sid:900621494; rev:1;) alert tcp $HOME_NET any -> [138.185.247.169] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.185.247.169/; sid:900621969; rev:1;) alert tcp $HOME_NET any -> [185.251.38.22] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.22/; sid:900621493; rev:1;) alert tcp $HOME_NET any -> [85.143.222.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.222.236/; sid:900621492; rev:1;) alert tcp $HOME_NET any -> [92.38.135.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.83/; sid:900621489; rev:1;) alert tcp $HOME_NET any -> [37.44.215.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.190/; sid:900621488; rev:1;) alert tcp $HOME_NET any -> [195.161.62.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.90/; sid:900621487; rev:1;) alert tcp $HOME_NET any -> [77.244.219.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.244.219.57/; sid:900621485; rev:1;) alert tcp $HOME_NET any -> [179.43.147.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.43.147.84/; sid:900621484; rev:1;) alert tcp $HOME_NET any -> [51.77.2.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.2.193/; sid:900621483; rev:1;) alert tcp $HOME_NET any -> [93.170.123.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.170.123.234/; sid:900621481; rev:1;) alert tcp $HOME_NET any -> [37.44.215.191] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.191/; sid:900621486; rev:1;) alert tcp $HOME_NET any -> [198.8.91.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.37/; sid:900621482; rev:1;) alert tcp $HOME_NET any -> [190.119.180.226] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.119.180.226/; sid:900621976; rev:1;) alert tcp $HOME_NET any -> [186.47.87.22] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.87.22/; sid:900621975; rev:1;) alert tcp $HOME_NET any -> [185.142.99.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.19/; sid:900621471; rev:1;) alert tcp $HOME_NET any -> [193.37.214.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.214.153/; sid:900621472; rev:1;) alert tcp $HOME_NET any -> [185.206.146.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.146.54/; sid:900621470; rev:1;) alert tcp $HOME_NET any -> [104.193.252.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.193.252.212/; sid:900621469; rev:1;) alert tcp $HOME_NET any -> [185.172.129.120] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.120/; sid:900621476; rev:1;) alert tcp $HOME_NET any -> [46.21.248.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.248.45/; sid:900621477; rev:1;) alert tcp $HOME_NET any -> [164.132.216.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.54/; sid:900621473; rev:1;) alert tcp $HOME_NET any -> [185.180.198.239] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.239/; sid:900621474; rev:1;) alert tcp $HOME_NET any -> [185.180.198.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.181/; sid:900621475; rev:1;) alert tcp $HOME_NET any -> [139.60.163.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.51/; sid:900621468; rev:1;) alert tcp $HOME_NET any -> [146.196.122.167] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.167/; sid:900622015; rev:1;) alert tcp $HOME_NET any -> [185.117.72.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.72.140/; sid:900621478; rev:1;) alert tcp $HOME_NET any -> [37.44.212.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.99/; sid:900621479; rev:1;) alert tcp $HOME_NET any -> [185.203.117.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.117.225/; sid:900621466; rev:1;) alert tcp $HOME_NET any -> [176.113.80.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.113.80.14/; sid:900621464; rev:1;) alert tcp $HOME_NET any -> [91.92.128.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.128.178/; sid:900621465; rev:1;) alert tcp $HOME_NET any -> [37.44.215.42] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.42/; sid:900621467; rev:1;) alert tcp $HOME_NET any -> [194.36.189.217] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.217/; sid:900621458; rev:1;) alert tcp $HOME_NET any -> [37.44.215.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.41/; sid:900621459; rev:1;) alert tcp $HOME_NET any -> [192.3.247.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.133/; sid:900621462; rev:1;) alert tcp $HOME_NET any -> [185.251.38.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.129/; sid:900621463; rev:1;) alert tcp $HOME_NET any -> [92.38.135.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.109/; sid:900621457; rev:1;) alert tcp $HOME_NET any -> [37.44.215.255] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.255/; sid:900621456; rev:1;) alert tcp $HOME_NET any -> [94.156.35.32] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.32/; sid:900621461; rev:1;) alert tcp $HOME_NET any -> [51.254.160.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.160.193/; sid:900621568; rev:1;) alert tcp $HOME_NET any -> [107.173.57.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.182/; sid:900621460; rev:1;) alert tcp $HOME_NET any -> [192.3.83.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.173/; sid:900621452; rev:1;) alert tcp $HOME_NET any -> [46.30.41.241] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.241/; sid:900621451; rev:1;) alert tcp $HOME_NET any -> [201.231.74.241] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.74.241/; sid:900621970; rev:1;) alert tcp $HOME_NET any -> [149.202.225.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.162/; sid:900621454; rev:1;) alert tcp $HOME_NET any -> [185.244.149.92] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.92/; sid:900621453; rev:1;) alert tcp $HOME_NET any -> [107.173.57.163] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.163/; sid:900621450; rev:1;) alert tcp $HOME_NET any -> [185.255.79.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.22/; sid:900621449; rev:1;) alert tcp $HOME_NET any -> [104.216.111.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.216.111.236/; sid:900621448; rev:1;) alert tcp $HOME_NET any -> [107.181.175.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.93/; sid:900621447; rev:1;) alert tcp $HOME_NET any -> [89.223.94.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.94.15/; sid:900621446; rev:1;) alert tcp $HOME_NET any -> [46.161.54.232] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.161.54.232/; sid:900621441; rev:1;) alert tcp $HOME_NET any -> [94.23.172.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.172.196/; sid:900621440; rev:1;) alert tcp $HOME_NET any -> [187.58.56.26] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.58.56.26/; sid:900622019; rev:1;) alert tcp $HOME_NET any -> [195.123.245.135] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.135/; sid:900621443; rev:1;) alert tcp $HOME_NET any -> [5.188.108.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.14/; sid:900621439; rev:1;) alert tcp $HOME_NET any -> [46.161.39.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.161.39.207/; sid:900621442; rev:1;) alert tcp $HOME_NET any -> [176.31.213.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.213.238/; sid:900621444; rev:1;) alert tcp $HOME_NET any -> [95.213.203.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.213.203.181/; sid:900621445; rev:1;) alert tcp $HOME_NET any -> [181.129.49.98] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.49.98/; sid:900622029; rev:1;) alert tcp $HOME_NET any -> [185.244.149.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.206/; sid:900621434; rev:1;) alert tcp $HOME_NET any -> [191.37.181.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.37.181.152/; sid:900621997; rev:1;) alert tcp $HOME_NET any -> [94.23.174.183] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.174.183/; sid:900621435; rev:1;) alert tcp $HOME_NET any -> [185.61.149.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.38/; sid:900621436; rev:1;) alert tcp $HOME_NET any -> [94.103.94.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.154/; sid:900621430; rev:1;) alert tcp $HOME_NET any -> [176.223.133.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.223.133.178/; sid:900621429; rev:1;) alert tcp $HOME_NET any -> [213.32.46.142] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.46.142/; sid:900621426; rev:1;) alert tcp $HOME_NET any -> [185.117.119.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.86/; sid:900621427; rev:1;) alert tcp $HOME_NET any -> [177.103.240.149] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.240.149/; sid:900622008; rev:1;) alert tcp $HOME_NET any -> [189.80.134.122] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.80.134.122/; sid:900622004; rev:1;) alert tcp $HOME_NET any -> [103.117.232.198] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.117.232.198/; sid:900622010; rev:1;) alert tcp $HOME_NET any -> [78.155.206.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.190/; sid:900621433; rev:1;) alert tcp $HOME_NET any -> [176.53.21.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.53.21.234/; sid:900621432; rev:1;) alert tcp $HOME_NET any -> [188.68.208.165] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.208.165/; sid:900621428; rev:1;) alert tcp $HOME_NET any -> [81.177.136.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.5/; sid:900621422; rev:1;) alert tcp $HOME_NET any -> [194.99.20.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.20.44/; sid:900621406; rev:1;) alert tcp $HOME_NET any -> [23.95.132.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.132.246/; sid:900621405; rev:1;) alert tcp $HOME_NET any -> [87.106.136.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.136.232/; sid:900991688; rev:1;) alert tcp $HOME_NET any -> [186.81.160.22] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.81.160.22/; sid:900991686; rev:1;) alert tcp $HOME_NET any -> [60.48.253.12] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.48.253.12/; sid:900991678; rev:1;) alert tcp $HOME_NET any -> [104.236.99.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.99.225/; sid:900991663; rev:1;) alert tcp $HOME_NET any -> [201.97.95.50] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.95.50/; sid:900991662; rev:1;) alert tcp $HOME_NET any -> [5.67.205.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.67.205.99/; sid:900991659; rev:1;) alert tcp $HOME_NET any -> [76.86.20.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.86.20.103/; sid:900991658; rev:1;) alert tcp $HOME_NET any -> [194.87.102.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.102.92/; sid:900621401; rev:1;) alert tcp $HOME_NET any -> [190.246.166.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.246.166.217/; sid:900990311; rev:1;) alert tcp $HOME_NET any -> [181.141.87.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.141.87.122/; sid:900990304; rev:1;) alert tcp $HOME_NET any -> [201.212.24.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.24.6/; sid:900990301; rev:1;) alert tcp $HOME_NET any -> [181.198.67.178] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.67.178/; sid:900990295; rev:1;) alert tcp $HOME_NET any -> [46.21.105.59] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.105.59/; sid:900990294; rev:1;) alert tcp $HOME_NET any -> [70.44.163.160] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.44.163.160/; sid:900990288; rev:1;) alert tcp $HOME_NET any -> [181.15.180.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.180.140/; sid:900990287; rev:1;) alert tcp $HOME_NET any -> [80.86.92.114] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.86.92.114/; sid:900990283; rev:1;) alert tcp $HOME_NET any -> [159.65.241.220] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.241.220/; sid:900990282; rev:1;) alert tcp $HOME_NET any -> [174.96.5.251] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.5.251/; sid:900990168; rev:1;) alert tcp $HOME_NET any -> [178.63.50.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.63.50.54/; sid:900990155; rev:1;) alert tcp $HOME_NET any -> [104.131.11.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.11.150/; sid:900990154; rev:1;) alert tcp $HOME_NET any -> [164.132.138.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.136/; sid:900621395; rev:1;) alert tcp $HOME_NET any -> [185.202.174.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.13/; sid:900621396; rev:1;) alert tcp $HOME_NET any -> [164.132.138.142] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.142/; sid:900621437; rev:1;) alert tcp $HOME_NET any -> [85.143.223.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.209/; sid:900621408; rev:1;) alert tcp $HOME_NET any -> [185.61.148.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.198/; sid:900621407; rev:1;) alert tcp $HOME_NET any -> [185.244.131.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.131.186/; sid:900621414; rev:1;) alert tcp $HOME_NET any -> [212.80.216.235] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.235/; sid:900621392; rev:1;) alert tcp $HOME_NET any -> [5.39.119.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.119.173/; sid:900621390; rev:1;) alert tcp $HOME_NET any -> [181.129.140.140] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.140.140/; sid:900622022; rev:1;) alert tcp $HOME_NET any -> [185.147.14.233] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.147.14.233/; sid:900621388; rev:1;) alert tcp $HOME_NET any -> [46.249.204.99] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.249.204.99/; sid:900987193; rev:1;) alert tcp $HOME_NET any -> [79.143.182.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.182.254/; sid:900987191; rev:1;) alert tcp $HOME_NET any -> [62.75.141.51] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.141.51/; sid:900987184; rev:1;) alert tcp $HOME_NET any -> [62.192.227.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.192.227.125/; sid:900987182; rev:1;) alert tcp $HOME_NET any -> [82.71.157.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.71.157.57/; sid:900987181; rev:1;) alert tcp $HOME_NET any -> [87.246.58.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.246.58.59/; sid:900987180; rev:1;) alert tcp $HOME_NET any -> [190.252.229.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.252.229.53/; sid:900987179; rev:1;) alert tcp $HOME_NET any -> [71.43.69.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.69.2/; sid:900987178; rev:1;) alert tcp $HOME_NET any -> [94.103.94.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.87/; sid:900621382; rev:1;) alert tcp $HOME_NET any -> [82.118.21.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.35/; sid:900621381; rev:1;) alert tcp $HOME_NET any -> [105.228.3.127] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.3.127/; sid:900987142; rev:1;) alert tcp $HOME_NET any -> [23.95.95.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.95.18/; sid:900987114; rev:1;) alert tcp $HOME_NET any -> [5.188.108.30] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.30/; sid:900621380; rev:1;) alert tcp $HOME_NET any -> [185.252.144.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.25/; sid:900621383; rev:1;) alert tcp $HOME_NET any -> [164.132.216.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.57/; sid:900621377; rev:1;) alert tcp $HOME_NET any -> [78.155.199.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.199.57/; sid:900621384; rev:1;) alert tcp $HOME_NET any -> [37.18.30.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.51/; sid:900621389; rev:1;) alert tcp $HOME_NET any -> [185.61.149.169] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.169/; sid:900621375; rev:1;) alert tcp $HOME_NET any -> [134.209.14.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.14.155/; sid:900986923; rev:1;) alert tcp $HOME_NET any -> [74.207.227.96] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.207.227.96/; sid:900986922; rev:1;) alert tcp $HOME_NET any -> [107.173.104.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.104.139/; sid:900621369; rev:1;) alert tcp $HOME_NET any -> [94.103.94.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.49/; sid:900621366; rev:1;) alert tcp $HOME_NET any -> [162.244.32.212] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.212/; sid:900621367; rev:1;) alert tcp $HOME_NET any -> [195.123.237.9] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.9/; sid:900621368; rev:1;) alert tcp $HOME_NET any -> [37.220.0.62] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.0.62/; sid:900621365; rev:1;) alert tcp $HOME_NET any -> [37.44.215.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.151/; sid:900621364; rev:1;) alert tcp $HOME_NET any -> [152.89.245.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.245.196/; sid:900621371; rev:1;) alert tcp $HOME_NET any -> [37.44.215.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.207/; sid:900621372; rev:1;) alert tcp $HOME_NET any -> [89.223.91.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.91.12/; sid:900621393; rev:1;) alert tcp $HOME_NET any -> [185.251.39.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.162/; sid:900621418; rev:1;) alert tcp $HOME_NET any -> [5.206.225.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.206.225.10/; sid:900621419; rev:1;) alert tcp $HOME_NET any -> [92.38.135.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.212/; sid:900621370; rev:1;) alert tcp $HOME_NET any -> [185.86.149.40] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.149.40/; sid:900621376; rev:1;) alert tcp $HOME_NET any -> [107.181.175.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.122/; sid:900621391; rev:1;) alert tcp $HOME_NET any -> [186.42.186.202] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.186.202/; sid:900622024; rev:1;) alert tcp $HOME_NET any -> [89.223.30.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.30.84/; sid:900621363; rev:1;) alert tcp $HOME_NET any -> [81.177.136.16] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.16/; sid:900621425; rev:1;) alert tcp $HOME_NET any -> [181.31.49.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.49.178/; sid:900986018; rev:1;) alert tcp $HOME_NET any -> [200.80.198.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.80.198.34/; sid:900986004; rev:1;) alert tcp $HOME_NET any -> [181.211.130.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.130.109/; sid:900985998; rev:1;) alert tcp $HOME_NET any -> [186.71.75.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.75.2/; sid:900985997; rev:1;) alert tcp $HOME_NET any -> [86.155.233.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.155.233.74/; sid:900985996; rev:1;) alert tcp $HOME_NET any -> [81.143.213.156] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.143.213.156/; sid:900985995; rev:1;) alert tcp $HOME_NET any -> [80.0.106.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.0.106.83/; sid:900985994; rev:1;) alert tcp $HOME_NET any -> [37.44.215.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.133/; sid:900621362; rev:1;) alert tcp $HOME_NET any -> [181.175.142.212] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.142.212/; sid:900985925; rev:1;) alert tcp $HOME_NET any -> [45.55.201.204] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.201.204/; sid:900985904; rev:1;) alert tcp $HOME_NET any -> [104.236.206.44] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.206.44/; sid:900985903; rev:1;) alert tcp $HOME_NET any -> [159.192.229.157] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.192.229.157/; sid:900985901; rev:1;) alert tcp $HOME_NET any -> [189.154.42.168] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.42.168/; sid:900985899; rev:1;) alert tcp $HOME_NET any -> [69.251.12.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.251.12.43/; sid:900985898; rev:1;) alert tcp $HOME_NET any -> [194.32.79.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.32.79.218/; sid:900621361; rev:1;) alert tcp $HOME_NET any -> [92.38.135.205] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.205/; sid:900621413; rev:1;) alert tcp $HOME_NET any -> [195.54.163.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.163.5/; sid:900621359; rev:1;) alert tcp $HOME_NET any -> [95.213.191.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.213.191.109/; sid:900621357; rev:1;) alert tcp $HOME_NET any -> [89.134.144.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.134.144.41/; sid:900982921; rev:1;) alert tcp $HOME_NET any -> [187.190.237.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.237.104/; sid:900982919; rev:1;) alert tcp $HOME_NET any -> [190.123.35.82] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.123.35.82/; sid:900982916; rev:1;) alert tcp $HOME_NET any -> [216.154.222.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.154.222.52/; sid:900982895; rev:1;) alert tcp $HOME_NET any -> [81.213.182.115] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.182.115/; sid:900982894; rev:1;) alert tcp $HOME_NET any -> [217.113.27.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.113.27.158/; sid:900982893; rev:1;) alert tcp $HOME_NET any -> [134.101.222.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.101.222.153/; sid:900982892; rev:1;) alert tcp $HOME_NET any -> [219.74.237.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.74.237.49/; sid:900982891; rev:1;) alert tcp $HOME_NET any -> [181.164.227.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.227.212/; sid:900982890; rev:1;) alert tcp $HOME_NET any -> [174.136.14.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.136.14.100/; sid:900982735; rev:1;) alert tcp $HOME_NET any -> [103.251.176.34] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.251.176.34/; sid:900982733; rev:1;) alert tcp $HOME_NET any -> [186.50.124.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.50.124.246/; sid:900982732; rev:1;) alert tcp $HOME_NET any -> [73.189.66.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.189.66.63/; sid:900982730; rev:1;) alert tcp $HOME_NET any -> [37.228.119.247] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.119.247/; sid:900621358; rev:1;) alert tcp $HOME_NET any -> [5.188.108.22] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.22/; sid:900621356; rev:1;) alert tcp $HOME_NET any -> [187.178.9.19] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.9.19/; sid:900980582; rev:1;) alert tcp $HOME_NET any -> [45.73.124.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.124.235/; sid:900980578; rev:1;) alert tcp $HOME_NET any -> [163.18.23.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.18.23.242/; sid:900980573; rev:1;) alert tcp $HOME_NET any -> [31.179.135.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.179.135.186/; sid:900980556; rev:1;) alert tcp $HOME_NET any -> [189.143.52.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.143.52.49/; sid:900980555; rev:1;) alert tcp $HOME_NET any -> [71.244.60.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.244.60.230/; sid:900980432; rev:1;) alert tcp $HOME_NET any -> [138.68.13.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.13.161/; sid:900980431; rev:1;) alert tcp $HOME_NET any -> [207.44.45.27] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.44.45.27/; sid:900980430; rev:1;) alert tcp $HOME_NET any -> [90.57.69.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.57.69.215/; sid:900980426; rev:1;) alert tcp $HOME_NET any -> [51.38.101.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.101.194/; sid:900621490; rev:1;) alert tcp $HOME_NET any -> [81.183.213.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.183.213.36/; sid:900979336; rev:1;) alert tcp $HOME_NET any -> [181.15.243.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.243.22/; sid:900979333; rev:1;) alert tcp $HOME_NET any -> [181.143.101.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.101.18/; sid:900979331; rev:1;) alert tcp $HOME_NET any -> [185.129.93.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.129.93.140/; sid:900979330; rev:1;) alert tcp $HOME_NET any -> [205.186.154.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.186.154.130/; sid:900979322; rev:1;) alert tcp $HOME_NET any -> [190.13.211.174] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.211.174/; sid:900979310; rev:1;) alert tcp $HOME_NET any -> [217.92.171.167] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.92.171.167/; sid:900979309; rev:1;) alert tcp $HOME_NET any -> [191.97.116.232] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.97.116.232/; sid:900979308; rev:1;) alert tcp $HOME_NET any -> [187.242.204.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.242.204.142/; sid:900979307; rev:1;) alert tcp $HOME_NET any -> [186.121.223.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.121.223.131/; sid:900979306; rev:1;) alert tcp $HOME_NET any -> [190.72.136.214] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.136.214/; sid:900979256; rev:1;) alert tcp $HOME_NET any -> [41.184.246.205] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.184.246.205/; sid:900979246; rev:1;) alert tcp $HOME_NET any -> [94.59.49.76] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.49.76/; sid:900979245; rev:1;) alert tcp $HOME_NET any -> [105.247.109.117] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.109.117/; sid:900979244; rev:1;) alert tcp $HOME_NET any -> [134.196.53.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.196.53.52/; sid:900979243; rev:1;) alert tcp $HOME_NET any -> [195.123.240.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.58/; sid:900621360; rev:1;) alert tcp $HOME_NET any -> [201.238.152.20] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.152.20/; sid:900977257; rev:1;) alert tcp $HOME_NET any -> [201.199.89.223] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.199.89.223/; sid:900977251; rev:1;) alert tcp $HOME_NET any -> [46.100.165.6] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.100.165.6/; sid:900977243; rev:1;) alert tcp $HOME_NET any -> [169.239.182.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.239.182.217/; sid:900977242; rev:1;) alert tcp $HOME_NET any -> [88.198.62.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.198.62.227/; sid:900977232; rev:1;) alert tcp $HOME_NET any -> [186.31.189.232] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.31.189.232/; sid:900977229; rev:1;) alert tcp $HOME_NET any -> [86.97.246.229] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.229/; sid:900977228; rev:1;) alert tcp $HOME_NET any -> [183.82.100.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.100.135/; sid:900974788; rev:1;) alert tcp $HOME_NET any -> [182.176.132.213] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.132.213/; sid:900974787; rev:1;) alert tcp $HOME_NET any -> [211.252.7.11] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.252.7.11/; sid:900974780; rev:1;) alert tcp $HOME_NET any -> [186.56.192.241] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.56.192.241/; sid:900974768; rev:1;) alert tcp $HOME_NET any -> [187.192.147.246] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.147.246/; sid:900974766; rev:1;) alert tcp $HOME_NET any -> [81.3.6.78] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.3.6.78/; sid:900972555; rev:1;) alert tcp $HOME_NET any -> [37.59.1.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.1.74/; sid:900972547; rev:1;) alert tcp $HOME_NET any -> [200.59.189.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.59.189.217/; sid:900972542; rev:1;) alert tcp $HOME_NET any -> [83.110.195.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.195.120/; sid:900972535; rev:1;) alert tcp $HOME_NET any -> [38.143.223.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.143.223.215/; sid:900972529; rev:1;) alert tcp $HOME_NET any -> [181.39.134.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.134.122/; sid:900972528; rev:1;) alert tcp $HOME_NET any -> [186.150.97.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.97.69/; sid:900972527; rev:1;) alert tcp $HOME_NET any -> [181.110.239.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.110.239.26/; sid:900972526; rev:1;) alert tcp $HOME_NET any -> [201.217.67.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.217.67.3/; sid:900972525; rev:1;) alert tcp $HOME_NET any -> [136.243.177.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.177.26/; sid:900972512; rev:1;) alert tcp $HOME_NET any -> [62.75.146.221] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.146.221/; sid:900972500; rev:1;) alert tcp $HOME_NET any -> [206.212.248.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.212.248.178/; sid:900972499; rev:1;) alert tcp $HOME_NET any -> [222.214.218.136] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.214.218.136/; sid:900972498; rev:1;) alert tcp $HOME_NET any -> [66.84.11.168] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.84.11.168/; sid:900972497; rev:1;) alert tcp $HOME_NET any -> [190.53.135.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.53.135.159/; sid:900972496; rev:1;) alert tcp $HOME_NET any -> [177.246.193.139] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.246.193.139/; sid:900972495; rev:1;) alert tcp $HOME_NET any -> [201.97.131.88] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.131.88/; sid:900972494; rev:1;) alert tcp $HOME_NET any -> [88.21.212.13] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.21.212.13/; sid:900972493; rev:1;) alert tcp $HOME_NET any -> [68.52.43.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.52.43.253/; sid:900972492; rev:1;) alert tcp $HOME_NET any -> [181.16.127.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.127.226/; sid:900972490; rev:1;) alert tcp $HOME_NET any -> [148.244.114.49] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.244.114.49/; sid:900971615; rev:1;) alert tcp $HOME_NET any -> [94.14.58.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.14.58.32/; sid:900970717; rev:1;) alert tcp $HOME_NET any -> [91.83.93.124] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.124/; sid:900970548; rev:1;) alert tcp $HOME_NET any -> [105.224.171.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.171.102/; sid:900970545; rev:1;) alert tcp $HOME_NET any -> [203.25.159.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.25.159.3/; sid:900970540; rev:1;) alert tcp $HOME_NET any -> [190.180.52.146] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.52.146/; sid:900970537; rev:1;) alert tcp $HOME_NET any -> [200.127.0.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.0.8/; sid:900970531; rev:1;) alert tcp $HOME_NET any -> [218.161.88.253] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.161.88.253/; sid:900970525; rev:1;) alert tcp $HOME_NET any -> [78.155.207.144] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.207.144/; sid:900621420; rev:1;) alert tcp $HOME_NET any -> [177.242.202.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.202.30/; sid:900967421; rev:1;) alert tcp $HOME_NET any -> [181.63.2.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.63.2.226/; sid:900967420; rev:1;) alert tcp $HOME_NET any -> [183.82.110.170] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.110.170/; sid:900967412; rev:1;) alert tcp $HOME_NET any -> [87.106.23.241] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.23.241/; sid:900967396; rev:1;) alert tcp $HOME_NET any -> [188.138.91.26] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.138.91.26/; sid:900967395; rev:1;) alert tcp $HOME_NET any -> [186.113.19.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.19.171/; sid:900967394; rev:1;) alert tcp $HOME_NET any -> [194.87.93.18] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.93.18/; sid:900621355; rev:1;) alert tcp $HOME_NET any -> [164.132.138.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.141/; sid:900621354; rev:1;) alert tcp $HOME_NET any -> [201.231.44.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.44.78/; sid:900961016; rev:1;) alert tcp $HOME_NET any -> [103.255.150.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.255.150.84/; sid:900961014; rev:1;) alert tcp $HOME_NET any -> [159.65.22.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.22.223/; sid:900961005; rev:1;) alert tcp $HOME_NET any -> [24.139.205.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.205.186/; sid:900961004; rev:1;) alert tcp $HOME_NET any -> [189.183.234.170] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.183.234.170/; sid:900961002; rev:1;) alert tcp $HOME_NET any -> [189.213.208.168] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.208.168/; sid:900960040; rev:1;) alert tcp $HOME_NET any -> [201.203.99.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.203.99.129/; sid:900960037; rev:1;) alert tcp $HOME_NET any -> [85.132.96.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.132.96.242/; sid:900960026; rev:1;) alert tcp $HOME_NET any -> [217.199.175.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.199.175.216/; sid:900960024; rev:1;) alert tcp $HOME_NET any -> [111.67.12.221] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.67.12.221/; sid:900960015; rev:1;) alert tcp $HOME_NET any -> [216.98.148.136] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.136/; sid:900960014; rev:1;) alert tcp $HOME_NET any -> [185.198.57.70] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.70/; sid:900621805; rev:1;) alert tcp $HOME_NET any -> [186.159.1.217] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.1.217/; sid:900621977; rev:1;) alert tcp $HOME_NET any -> [181.199.151.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.199.151.19/; sid:900952616; rev:1;) alert tcp $HOME_NET any -> [200.45.57.96] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.45.57.96/; sid:900952599; rev:1;) alert tcp $HOME_NET any -> [159.69.211.211] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.211.211/; sid:900952591; rev:1;) alert tcp $HOME_NET any -> [190.85.206.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.206.228/; sid:900952590; rev:1;) alert tcp $HOME_NET any -> [115.132.227.247] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.132.227.247/; sid:900952589; rev:1;) alert tcp $HOME_NET any -> [222.104.222.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.104.222.145/; sid:900952588; rev:1;) alert tcp $HOME_NET any -> [189.196.140.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.196.140.187/; sid:900952587; rev:1;) alert tcp $HOME_NET any -> [200.58.171.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.171.51/; sid:900952586; rev:1;) alert tcp $HOME_NET any -> [84.241.10.111] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.241.10.111/; sid:900952489; rev:1;) alert tcp $HOME_NET any -> [119.155.153.14] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.155.153.14/; sid:900952470; rev:1;) alert tcp $HOME_NET any -> [217.199.175.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.199.175.217/; sid:900952463; rev:1;) alert tcp $HOME_NET any -> [178.152.78.149] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.78.149/; sid:900952462; rev:1;) alert tcp $HOME_NET any -> [189.134.78.42] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.78.42/; sid:900952461; rev:1;) alert tcp $HOME_NET any -> [75.177.169.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.177.169.225/; sid:900952459; rev:1;) alert tcp $HOME_NET any -> [37.211.38.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.38.50/; sid:900952458; rev:1;) alert tcp $HOME_NET any -> [192.227.232.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.63/; sid:900621353; rev:1;) alert tcp $HOME_NET any -> [185.243.115.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.243.115.149/; sid:900621394; rev:1;) alert tcp $HOME_NET any -> [164.132.138.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.134/; sid:900621352; rev:1;) alert tcp $HOME_NET any -> [78.188.7.213] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.7.213/; sid:900949762; rev:1;) alert tcp $HOME_NET any -> [178.79.161.166] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.161.166/; sid:900949752; rev:1;) alert tcp $HOME_NET any -> [176.63.173.71] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.63.173.71/; sid:900949748; rev:1;) alert tcp $HOME_NET any -> [182.188.47.206] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.188.47.206/; sid:900949745; rev:1;) alert tcp $HOME_NET any -> [186.85.38.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.85.38.31/; sid:900949744; rev:1;) alert tcp $HOME_NET any -> [69.45.19.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.45.19.252/; sid:900949739; rev:1;) alert tcp $HOME_NET any -> [117.196.47.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.196.47.110/; sid:900949734; rev:1;) alert tcp $HOME_NET any -> [185.183.97.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.173/; sid:900621480; rev:1;) alert tcp $HOME_NET any -> [122.254.81.113] 52087 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.254.81.113/; sid:900942602; rev:1;) alert tcp $HOME_NET any -> [199.159.9.41] 7465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.159.9.41/; sid:900942601; rev:1;) alert tcp $HOME_NET any -> [176.132.140.130] 21521 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.132.140.130/; sid:900942600; rev:1;) alert tcp $HOME_NET any -> [110.254.84.1] 16951 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.254.84.1/; sid:900942599; rev:1;) alert tcp $HOME_NET any -> [199.191.27.152] 11625 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.191.27.152/; sid:900942598; rev:1;) alert tcp $HOME_NET any -> [6.6.6.160] 21585 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.160/; sid:900942597; rev:1;) alert tcp $HOME_NET any -> [73.253.115.255] 24900 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.253.115.255/; sid:900942596; rev:1;) alert tcp $HOME_NET any -> [88.144.142.65] 31175 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.144.142.65/; sid:900942595; rev:1;) alert tcp $HOME_NET any -> [132.139.215.46] 37272 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.139.215.46/; sid:900942594; rev:1;) alert tcp $HOME_NET any -> [113.188.147.255] 55724 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.188.147.255/; sid:900942593; rev:1;) alert tcp $HOME_NET any -> [190.138.205.232] 59847 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.205.232/; sid:900942592; rev:1;) alert tcp $HOME_NET any -> [141.19.67.78] 32900 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.19.67.78/; sid:900942590; rev:1;) alert tcp $HOME_NET any -> [132.139.251.235] 16776 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.139.251.235/; sid:900942591; rev:1;) alert tcp $HOME_NET any -> [216.57.199.78] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.57.199.78/; sid:900942589; rev:1;) alert tcp $HOME_NET any -> [84.241.120.132] 53758 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.241.120.132/; sid:900942588; rev:1;) alert tcp $HOME_NET any -> [124.3.255.251] 50297 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.3.255.251/; sid:900942587; rev:1;) alert tcp $HOME_NET any -> [75.175.99.254] 50985 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.175.99.254/; sid:900942586; rev:1;) alert tcp $HOME_NET any -> [139.168.2.220] 28804 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.168.2.220/; sid:900942585; rev:1;) alert tcp $HOME_NET any -> [232.105.199.80] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.105.199.80/; sid:900942584; rev:1;) alert tcp $HOME_NET any -> [85.129.104.132] 53246 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.129.104.132/; sid:900942583; rev:1;) alert tcp $HOME_NET any -> [167.147.255.251] 46725 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.147.255.251/; sid:900942582; rev:1;) alert tcp $HOME_NET any -> [199.158.231.254] 51188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.158.231.254/; sid:900942581; rev:1;) alert tcp $HOME_NET any -> [6.96.132.140] 1542 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.96.132.140/; sid:900942580; rev:1;) alert tcp $HOME_NET any -> [115.255.251.247] 36191 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.255.251.247/; sid:900942579; rev:1;) alert tcp $HOME_NET any -> [120.234.254.85] 6779 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.234.254.85/; sid:900942578; rev:1;) alert tcp $HOME_NET any -> [6.6.6.15] 65533 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.15/; sid:900940184; rev:1;) alert tcp $HOME_NET any -> [211.122.254.81] 37579 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.122.254.81/; sid:900940183; rev:1;) alert tcp $HOME_NET any -> [234.251.164.38] 33930 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.251.164.38/; sid:900940182; rev:1;) alert tcp $HOME_NET any -> [141.199.159.10] 64798 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.199.159.10/; sid:900940181; rev:1;) alert tcp $HOME_NET any -> [181.176.132.139] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.132.139/; sid:900940180; rev:1;) alert tcp $HOME_NET any -> [183.255.253.38] 59489 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.255.253.38/; sid:900940179; rev:1;) alert tcp $HOME_NET any -> [147.110.254.83] 321 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.110.254.83/; sid:900940178; rev:1;) alert tcp $HOME_NET any -> [155.240.194.79] 33932 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.240.194.79/; sid:900940177; rev:1;) alert tcp $HOME_NET any -> [205.199.191.28] 64814 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.199.191.28/; sid:900940176; rev:1;) alert tcp $HOME_NET any -> [215.255.253.54] 18942 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.255.253.54/; sid:900940175; rev:1;) alert tcp $HOME_NET any -> [42.65.254.83] 22672 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.65.254.83/; sid:900940174; rev:1;) alert tcp $HOME_NET any -> [6.6.6.243] 33931 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.243/; sid:900940173; rev:1;) alert tcp $HOME_NET any -> [62.254.83.85] 60828 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.254.83.85/; sid:900940172; rev:1;) alert tcp $HOME_NET any -> [161.67.218.27] 19911 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.67.218.27/; sid:900938292; rev:1;) alert tcp $HOME_NET any -> [132.137.245.151] 62960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.137.245.151/; sid:900938291; rev:1;) alert tcp $HOME_NET any -> [113.20.167.255] 52470 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.20.167.255/; sid:900938290; rev:1;) alert tcp $HOME_NET any -> [76.212.20.19] 36295 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.212.20.19/; sid:900938289; rev:1;) alert tcp $HOME_NET any -> [80.181.224.132] 1790 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.181.224.132/; sid:900938288; rev:1;) alert tcp $HOME_NET any -> [162.215.255.252] 16582 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.215.255.252/; sid:900938287; rev:1;) alert tcp $HOME_NET any -> [47.6.116.254] 51042 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.6.116.254/; sid:900938286; rev:1;) alert tcp $HOME_NET any -> [138.57.185.83] 55428 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.57.185.83/; sid:900938285; rev:1;) alert tcp $HOME_NET any -> [119.205.199.49] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.205.199.49/; sid:900938284; rev:1;) alert tcp $HOME_NET any -> [80.213.208.132] 5374 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.213.208.132/; sid:900938283; rev:1;) alert tcp $HOME_NET any -> [174.247.255.252] 1018 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.247.255.252/; sid:900938282; rev:1;) alert tcp $HOME_NET any -> [132.176.70.254] 51179 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.176.70.254/; sid:900938281; rev:1;) alert tcp $HOME_NET any -> [137.106.154.40] 51332 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.106.154.40/; sid:900938280; rev:1;) alert tcp $HOME_NET any -> [136.13.199.172] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.13.199.172/; sid:900938279; rev:1;) alert tcp $HOME_NET any -> [81.245.192.132] 62718 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.245.192.132/; sid:900938278; rev:1;) alert tcp $HOME_NET any -> [61.247.255.253] 64151 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.247.255.253/; sid:900938277; rev:1;) alert tcp $HOME_NET any -> [61.199.146.203] 1551 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.199.146.203/; sid:900938276; rev:1;) alert tcp $HOME_NET any -> [197.184.132.138] 65105 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.184.132.138/; sid:900938275; rev:1;) alert tcp $HOME_NET any -> [141.226.254.83] 40714 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.226.254.83/; sid:900938274; rev:1;) alert tcp $HOME_NET any -> [54.60.232.97] 33931 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.60.232.97/; sid:900938273; rev:1;) alert tcp $HOME_NET any -> [141.199.1.65] 64806 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.199.1.65/; sid:900938272; rev:1;) alert tcp $HOME_NET any -> [117.168.132.140] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.168.132.140/; sid:900938271; rev:1;) alert tcp $HOME_NET any -> [231.255.253.46] 49743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/231.255.253.46/; sid:900938270; rev:1;) alert tcp $HOME_NET any -> [28.248.254.83] 48924 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.248.254.83/; sid:900938269; rev:1;) alert tcp $HOME_NET any -> [37.152.132.139] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.152.132.139/; sid:900938268; rev:1;) alert tcp $HOME_NET any -> [46.84.207.55] 1779 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.84.207.55/; sid:900938267; rev:1;) alert tcp $HOME_NET any -> [199.208.237.156] 16141 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.208.237.156/; sid:900938266; rev:1;) alert tcp $HOME_NET any -> [32.132.134.171] 19958 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.132.134.171/; sid:900938265; rev:1;) alert tcp $HOME_NET any -> [101.72.3.183] 35179 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.72.3.183/; sid:900938264; rev:1;) alert tcp $HOME_NET any -> [199.126.218.69] 46221 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.126.218.69/; sid:900938263; rev:1;) alert tcp $HOME_NET any -> [16.132.136.171] 20950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.132.136.171/; sid:900938262; rev:1;) alert tcp $HOME_NET any -> [47.254.81.246] 39464 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.254.81.246/; sid:900938261; rev:1;) alert tcp $HOME_NET any -> [6.6.6.39] 35321 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.39/; sid:900938260; rev:1;) alert tcp $HOME_NET any -> [215.251.55.255] 27371 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.251.55.255/; sid:900938259; rev:1;) alert tcp $HOME_NET any -> [238.118.184.234] 64967 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/238.118.184.234/; sid:900938258; rev:1;) alert tcp $HOME_NET any -> [132.137.55.206] 17912 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.137.55.206/; sid:900938257; rev:1;) alert tcp $HOME_NET any -> [20.54.247.255] 62871 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.54.247.255/; sid:900938256; rev:1;) alert tcp $HOME_NET any -> [108.127.219.199] 19911 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.127.219.199/; sid:900938255; rev:1;) alert tcp $HOME_NET any -> [132.136.204.246] 62952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.136.204.246/; sid:900938254; rev:1;) alert tcp $HOME_NET any -> [6.6.6.254] 5139 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.254/; sid:900938253; rev:1;) alert tcp $HOME_NET any -> [136.152.64.198] 57476 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.152.64.198/; sid:900938252; rev:1;) alert tcp $HOME_NET any -> [111.189.199.98] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.189.199.98/; sid:900938251; rev:1;) alert tcp $HOME_NET any -> [80.229.216.132] 29950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.229.216.132/; sid:900938250; rev:1;) alert tcp $HOME_NET any -> [42.247.255.252] 47443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.247.255.252/; sid:900938249; rev:1;) alert tcp $HOME_NET any -> [99.59.20.254] 50993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.59.20.254/; sid:900938248; rev:1;) alert tcp $HOME_NET any -> [136.229.3.250] 53380 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.229.3.250/; sid:900938247; rev:1;) alert tcp $HOME_NET any -> [128.13.199.235] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.13.199.235/; sid:900938246; rev:1;) alert tcp $HOME_NET any -> [81.53.200.132] 18174 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.53.200.132/; sid:900938245; rev:1;) alert tcp $HOME_NET any -> [16.71.255.252] 39464 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.71.255.252/; sid:900938244; rev:1;) alert tcp $HOME_NET any -> [56.202.244.254] 51116 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.202.244.254/; sid:900938243; rev:1;) alert tcp $HOME_NET any -> [138.1.250.151] 49284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.1.250.151/; sid:900938242; rev:1;) alert tcp $HOME_NET any -> [83.110.155.238] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.155.238/; sid:900937236; rev:1;) alert tcp $HOME_NET any -> [86.99.35.122] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.35.122/; sid:900937233; rev:1;) alert tcp $HOME_NET any -> [213.14.166.152] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.14.166.152/; sid:900937220; rev:1;) alert tcp $HOME_NET any -> [77.111.149.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.111.149.55/; sid:900937208; rev:1;) alert tcp $HOME_NET any -> [191.92.69.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.69.115/; sid:900937207; rev:1;) alert tcp $HOME_NET any -> [159.0.130.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.0.130.149/; sid:900937206; rev:1;) alert tcp $HOME_NET any -> [72.3.91.255] 1893 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.3.91.255/; sid:900935467; rev:1;) alert tcp $HOME_NET any -> [126.218.169.249] 57799 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.218.169.249/; sid:900935466; rev:1;) alert tcp $HOME_NET any -> [186.73.43.255] 5415 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.73.43.255/; sid:900935464; rev:1;) alert tcp $HOME_NET any -> [132.136.71.115] 23056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.136.71.115/; sid:900935465; rev:1;) alert tcp $HOME_NET any -> [139.111.65.14] 25031 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.111.65.14/; sid:900935463; rev:1;) alert tcp $HOME_NET any -> [132.138.6.235] 23040 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.138.6.235/; sid:900935462; rev:1;) alert tcp $HOME_NET any -> [6.187.255.252] 1542 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.187.255.252/; sid:900935461; rev:1;) alert tcp $HOME_NET any -> [118.84.234.254] 51182 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.84.234.254/; sid:900935460; rev:1;) alert tcp $HOME_NET any -> [137.187.206.112] 63620 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.187.206.112/; sid:900935459; rev:1;) alert tcp $HOME_NET any -> [84.161.199.161] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.161.199.161/; sid:900935458; rev:1;) alert tcp $HOME_NET any -> [81.249.240.132] 7166 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.249.240.132/; sid:900935457; rev:1;) alert tcp $HOME_NET any -> [55.27.255.252] 38676 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/55.27.255.252/; sid:900935456; rev:1;) alert tcp $HOME_NET any -> [126.87.199.254] 51052 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.87.199.254/; sid:900935455; rev:1;) alert tcp $HOME_NET any -> [138.32.246.113] 59524 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.32.246.113/; sid:900935454; rev:1;) alert tcp $HOME_NET any -> [102.225.199.76] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.225.199.76/; sid:900935453; rev:1;) alert tcp $HOME_NET any -> [82.89.224.132] 5118 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.89.224.132/; sid:900935452; rev:1;) alert tcp $HOME_NET any -> [164.91.255.252] 16582 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.91.255.252/; sid:900935451; rev:1;) alert tcp $HOME_NET any -> [47.234.116.254] 51042 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.234.116.254/; sid:900935450; rev:1;) alert tcp $HOME_NET any -> [9.216.132.136] 1618 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.216.132.136/; sid:900935449; rev:1;) alert tcp $HOME_NET any -> [27.255.252.119] 21292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.255.252.119/; sid:900935448; rev:1;) alert tcp $HOME_NET any -> [215.20.254.82] 12643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.20.254.82/; sid:900935447; rev:1;) alert tcp $HOME_NET any -> [137.3.250.176] 33930 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.3.250.176/; sid:900935446; rev:1;) alert tcp $HOME_NET any -> [113.199.235.134] 64639 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.235.134/; sid:900935445; rev:1;) alert tcp $HOME_NET any -> [217.200.132.138] 65105 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.200.132.138/; sid:900935444; rev:1;) alert tcp $HOME_NET any -> [171.255.252.135] 10254 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.255.252.135/; sid:900935443; rev:1;) alert tcp $HOME_NET any -> [38.244.254.81] 44089 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.244.254.81/; sid:900935442; rev:1;) alert tcp $HOME_NET any -> [221.250.151.61] 33929 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.250.151.61/; sid:900935441; rev:1;) alert tcp $HOME_NET any -> [161.199.146.204] 64783 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.199.146.204/; sid:900935440; rev:1;) alert tcp $HOME_NET any -> [41.184.132.139] 65106 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.184.132.139/; sid:900935439; rev:1;) alert tcp $HOME_NET any -> [199.61.142.8] 12785 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.61.142.8/; sid:900934216; rev:1;) alert tcp $HOME_NET any -> [57.216.107.255] 5971 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.216.107.255/; sid:900934215; rev:1;) alert tcp $HOME_NET any -> [60.115.138.250] 61895 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.115.138.250/; sid:900934214; rev:1;) alert tcp $HOME_NET any -> [133.20.87.101] 6680 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.87.101/; sid:900934213; rev:1;) alert tcp $HOME_NET any -> [180.30.11.255] 6003 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.30.11.255/; sid:900934212; rev:1;) alert tcp $HOME_NET any -> [9.31.148.47] 16839 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.31.148.47/; sid:900934211; rev:1;) alert tcp $HOME_NET any -> [133.20.69.39] 18952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.69.39/; sid:900934210; rev:1;) alert tcp $HOME_NET any -> [215.133.5.5] 55019 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.133.5.5/; sid:900934209; rev:1;) alert tcp $HOME_NET any -> [210.177.199.239] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.177.199.239/; sid:900934208; rev:1;) alert tcp $HOME_NET any -> [199.121.248.133] 60158 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.121.248.133/; sid:900934207; rev:1;) alert tcp $HOME_NET any -> [31.139.255.252] 52849 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.139.255.252/; sid:900934206; rev:1;) alert tcp $HOME_NET any -> [189.102.27.254] 51104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.102.27.254/; sid:900934205; rev:1;) alert tcp $HOME_NET any -> [40.133.19.84] 52106 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.133.19.84/; sid:900931459; rev:1;) alert tcp $HOME_NET any -> [175.107.200.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.200.27/; sid:900931041; rev:1;) alert tcp $HOME_NET any -> [103.201.150.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.201.150.209/; sid:900931028; rev:1;) alert tcp $HOME_NET any -> [190.171.230.41] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.230.41/; sid:900931027; rev:1;) alert tcp $HOME_NET any -> [103.213.212.42] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.213.212.42/; sid:900931025; rev:1;) alert tcp $HOME_NET any -> [185.94.252.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.249/; sid:900931022; rev:1;) alert tcp $HOME_NET any -> [185.94.252.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.27/; sid:900931021; rev:1;) alert tcp $HOME_NET any -> [177.225.175.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.225.175.199/; sid:900931020; rev:1;) alert tcp $HOME_NET any -> [181.142.29.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.142.29.90/; sid:900931019; rev:1;) alert tcp $HOME_NET any -> [24.150.44.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.150.44.53/; sid:900931018; rev:1;) alert tcp $HOME_NET any -> [5.5.5.186] 36360 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.186/; sid:900930533; rev:1;) alert tcp $HOME_NET any -> [133.19.23.83] 18976 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.19.23.83/; sid:900930532; rev:1;) alert tcp $HOME_NET any -> [71.118.11.255] 22373 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.118.11.255/; sid:900930531; rev:1;) alert tcp $HOME_NET any -> [126.95.121.249] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.95.121.249/; sid:900930530; rev:1;) alert tcp $HOME_NET any -> [133.21.23.115] 59920 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.23.115/; sid:900930529; rev:1;) alert tcp $HOME_NET any -> [186.212.123.255] 17703 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.212.123.255/; sid:900929218; rev:1;) alert tcp $HOME_NET any -> [139.234.17.14] 29127 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.234.17.14/; sid:900929217; rev:1;) alert tcp $HOME_NET any -> [133.20.214.235] 35328 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.214.235/; sid:900929216; rev:1;) alert tcp $HOME_NET any -> [5.139.255.252] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.139.255.252/; sid:900929215; rev:1;) alert tcp $HOME_NET any -> [1.4.234.254] 51183 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.4.234.254/; sid:900929214; rev:1;) alert tcp $HOME_NET any -> [15.139.206.113] 63621 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.139.206.113/; sid:900929213; rev:1;) alert tcp $HOME_NET any -> [202.177.199.160] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.177.199.160/; sid:900929212; rev:1;) alert tcp $HOME_NET any -> [199.73.240.133] 7166 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.73.240.133/; sid:900929211; rev:1;) alert tcp $HOME_NET any -> [192.75.255.252] 38675 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.75.255.252/; sid:900929210; rev:1;) alert tcp $HOME_NET any -> [15.48.246.112] 59525 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.48.246.112/; sid:900929209; rev:1;) alert tcp $HOME_NET any -> [199.9.224.133] 5118 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.9.224.133/; sid:900929208; rev:1;) alert tcp $HOME_NET any -> [28.235.255.252] 16583 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.235.255.252/; sid:900929207; rev:1;) alert tcp $HOME_NET any -> [137.200.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.200.133.15/; sid:900929191; rev:1;) alert tcp $HOME_NET any -> [123.255.253.17] 10122 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.255.253.17/; sid:900929190; rev:1;) alert tcp $HOME_NET any -> [54.244.254.199] 43968 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.244.254.199/; sid:900929189; rev:1;) alert tcp $HOME_NET any -> [141.250.150.195] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.250.150.195/; sid:900929188; rev:1;) alert tcp $HOME_NET any -> [121.184.133.22] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.184.133.22/; sid:900929187; rev:1;) alert tcp $HOME_NET any -> [139.255.5.5] 41906 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.5.5/; sid:900929186; rev:1;) alert tcp $HOME_NET any -> [199.158.143.1] 41713 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.158.143.1/; sid:900929185; rev:1;) alert tcp $HOME_NET any -> [176.133.22.138] 52745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.133.22.138/; sid:900929184; rev:1;) alert tcp $HOME_NET any -> [110.254.206.9] 47151 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.254.206.9/; sid:900929183; rev:1;) alert tcp $HOME_NET any -> [199.190.165.144] 45937 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.190.165.144/; sid:900929182; rev:1;) alert tcp $HOME_NET any -> [160.133.22.73] 52809 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.133.22.73/; sid:900929181; rev:1;) alert tcp $HOME_NET any -> [65.254.206.153] 2454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.254.206.153/; sid:900929180; rev:1;) alert tcp $HOME_NET any -> [46.84.73.139] 5583 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.84.73.139/; sid:900929179; rev:1;) alert tcp $HOME_NET any -> [199.208.115.48] 50353 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.208.115.48/; sid:900929178; rev:1;) alert tcp $HOME_NET any -> [5.5.5.144] 52585 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.144/; sid:900929177; rev:1;) alert tcp $HOME_NET any -> [114.70.139.255] 53676 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.70.139.255/; sid:900929176; rev:1;) alert tcp $HOME_NET any -> [145.200.123.255] 58347 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.200.123.255/; sid:900928986; rev:1;) alert tcp $HOME_NET any -> [234.234.219.80] 61895 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.234.219.80/; sid:900928985; rev:1;) alert tcp $HOME_NET any -> [133.23.27.67] 35200 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.23.27.67/; sid:900928984; rev:1;) alert tcp $HOME_NET any -> [122.6.11.255] 61892 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.6.11.255/; sid:900928983; rev:1;) alert tcp $HOME_NET any -> [41.213.119.99] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.213.119.99/; sid:900928982; rev:1;) alert tcp $HOME_NET any -> [133.21.160.2] 18800 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.160.2/; sid:900928981; rev:1;) alert tcp $HOME_NET any -> [28.69.207.254] 51025 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.69.207.254/; sid:900928980; rev:1;) alert tcp $HOME_NET any -> [22.146.182.134] 26757 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/22.146.182.134/; sid:900928979; rev:1;) alert tcp $HOME_NET any -> [105.177.199.244] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.177.199.244/; sid:900928978; rev:1;) alert tcp $HOME_NET any -> [207.137.96.133] 59390 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.137.96.133/; sid:900928977; rev:1;) alert tcp $HOME_NET any -> [229.107.255.251] 46221 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.107.255.251/; sid:900928976; rev:1;) alert tcp $HOME_NET any -> [1.160.234.254] 50971 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.160.234.254/; sid:900928975; rev:1;) alert tcp $HOME_NET any -> [23.147.214.94] 22661 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.147.214.94/; sid:900928974; rev:1;) alert tcp $HOME_NET any -> [121.241.199.74] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.241.199.74/; sid:900928973; rev:1;) alert tcp $HOME_NET any -> [207.105.80.133] 13310 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.105.80.133/; sid:900928972; rev:1;) alert tcp $HOME_NET any -> [189.139.255.251] 34600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.139.255.251/; sid:900928971; rev:1;) alert tcp $HOME_NET any -> [36.18.165.254] 51161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.18.165.254/; sid:900928970; rev:1;) alert tcp $HOME_NET any -> [109.187.254.204] 2354 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.187.254.204/; sid:900928968; rev:1;) alert tcp $HOME_NET any -> [5.5.5.20] 18565 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.20/; sid:900928969; rev:1;) alert tcp $HOME_NET any -> [165.218.138.154] 34068 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.218.138.154/; sid:900928967; rev:1;) alert tcp $HOME_NET any -> [113.199.6.41] 64781 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.6.41/; sid:900928966; rev:1;) alert tcp $HOME_NET any -> [121.56.133.21] 65228 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.56.133.21/; sid:900928965; rev:1;) alert tcp $HOME_NET any -> [139.255.253.37] 58805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.253.37/; sid:900928964; rev:1;) alert tcp $HOME_NET any -> [218.20.254.207] 33415 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.20.254.207/; sid:900928963; rev:1;) alert tcp $HOME_NET any -> [15.73.151.19] 61573 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.73.151.19/; sid:900928736; rev:1;) alert tcp $HOME_NET any -> [227.1.199.108] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/227.1.199.108/; sid:900928735; rev:1;) alert tcp $HOME_NET any -> [199.137.232.133] 51198 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.137.232.133/; sid:900928734; rev:1;) alert tcp $HOME_NET any -> [139.27.255.252] 63088 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.27.255.252/; sid:900928733; rev:1;) alert tcp $HOME_NET any -> [77.168.19.254] 51020 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.168.19.254/; sid:900928732; rev:1;) alert tcp $HOME_NET any -> [15.36.64.199] 57477 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.36.64.199/; sid:900928731; rev:1;) alert tcp $HOME_NET any -> [234.49.199.97] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.49.199.97/; sid:900928730; rev:1;) alert tcp $HOME_NET any -> [5.5.5.199] 29950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.199/; sid:900928729; rev:1;) alert tcp $HOME_NET any -> [229.185.82.181] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.185.82.181/; sid:900928728; rev:1;) alert tcp $HOME_NET any -> [137.192.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.192.133.15/; sid:900928721; rev:1;) alert tcp $HOME_NET any -> [75.255.252.137] 38595 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.252.137/; sid:900928720; rev:1;) alert tcp $HOME_NET any -> [111.122.254.199] 37461 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.122.254.199/; sid:900928719; rev:1;) alert tcp $HOME_NET any -> [86.251.163.178] 34070 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.251.163.178/; sid:900928718; rev:1;) alert tcp $HOME_NET any -> [5.252.162.241] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.252.162.241/; sid:900928717; rev:1;) alert tcp $HOME_NET any -> [226.254.206.9] 36609 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/226.254.206.9/; sid:900928716; rev:1;) alert tcp $HOME_NET any -> [60.232.216.11] 5770 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.232.216.11/; sid:900928715; rev:1;) alert tcp $HOME_NET any -> [199.0.184.47] 39745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.0.184.47/; sid:900928714; rev:1;) alert tcp $HOME_NET any -> [168.133.21.39] 52745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.133.21.39/; sid:900928713; rev:1;) alert tcp $HOME_NET any -> [199.89.9.150] 43889 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.89.9.150/; sid:900928711; rev:1;) alert tcp $HOME_NET any -> [152.133.21.207] 52889 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.133.21.207/; sid:900928710; rev:1;) alert tcp $HOME_NET any -> [62.254.205.105] 29488 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.254.205.105/; sid:900928709; rev:1;) alert tcp $HOME_NET any -> [133.22.209.172] 1424 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.22.209.172/; sid:900928708; rev:1;) alert tcp $HOME_NET any -> [191.16.213.232] 49607 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.16.213.232/; sid:900928400; rev:1;) alert tcp $HOME_NET any -> [133.21.227.235] 18824 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.227.235/; sid:900928399; rev:1;) alert tcp $HOME_NET any -> [78.87.11.255] 6979 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.11.255/; sid:900928398; rev:1;) alert tcp $HOME_NET any -> [79.38.82.209] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.38.82.209/; sid:900928397; rev:1;) alert tcp $HOME_NET any -> [133.22.241.196] 63864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.22.241.196/; sid:900928396; rev:1;) alert tcp $HOME_NET any -> [220.204.75.255] 40962 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.204.75.255/; sid:900928395; rev:1;) alert tcp $HOME_NET any -> [28.155.255.251] 46726 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.155.255.251/; sid:900928392; rev:1;) alert tcp $HOME_NET any -> [81.166.231.254] 51188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.166.231.254/; sid:900928391; rev:1;) alert tcp $HOME_NET any -> [22.178.180.141] 24709 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/22.178.180.141/; sid:900928390; rev:1;) alert tcp $HOME_NET any -> [129.177.199.27] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.177.199.27/; sid:900928389; rev:1;) alert tcp $HOME_NET any -> [207.89.88.133] 60158 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.89.88.133/; sid:900928388; rev:1;) alert tcp $HOME_NET any -> [138.75.255.251] 54878 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.75.255.251/; sid:900928387; rev:1;) alert tcp $HOME_NET any -> [125.1.199.217] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.1.199.217/; sid:900928385; rev:1;) alert tcp $HOME_NET any -> [20.105.135.40] 20613 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.105.135.40/; sid:900928386; rev:1;) alert tcp $HOME_NET any -> [133.196.58.95] 1300 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.196.58.95/; sid:900928383; rev:1;) alert tcp $HOME_NET any -> [204.9.72.133] 42494 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.9.72.133/; sid:900928384; rev:1;) alert tcp $HOME_NET any -> [49.199.9.50] 64405 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.199.9.50/; sid:900928382; rev:1;) alert tcp $HOME_NET any -> [9.64.133.20] 65228 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.64.133.20/; sid:900928381; rev:1;) alert tcp $HOME_NET any -> [75.255.253.13] 35482 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.253.13/; sid:900928380; rev:1;) alert tcp $HOME_NET any -> [49.24.229.181] 34069 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.24.229.181/; sid:900928378; rev:1;) alert tcp $HOME_NET any -> [28.101.254.204] 1577 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.101.254.204/; sid:900928379; rev:1;) alert tcp $HOME_NET any -> [113.199.130.135] 64805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.130.135/; sid:900928377; rev:1;) alert tcp $HOME_NET any -> [137.48.133.23] 65231 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.48.133.23/; sid:900928376; rev:1;) alert tcp $HOME_NET any -> [139.255.253.30] 56562 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.253.30/; sid:900928375; rev:1;) alert tcp $HOME_NET any -> [234.141.254.207] 35815 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.141.254.207/; sid:900928374; rev:1;) alert tcp $HOME_NET any -> [5.129.199.81] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.129.199.81/; sid:900928275; rev:1;) alert tcp $HOME_NET any -> [207.137.104.133] 53246 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.137.104.133/; sid:900928274; rev:1;) alert tcp $HOME_NET any -> [68.73.131.107] 5705 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.73.131.107/; sid:900928273; rev:1;) alert tcp $HOME_NET any -> [113.199.49.220] 64770 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.49.220/; sid:900928202; rev:1;) alert tcp $HOME_NET any -> [105.208.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.208.133.15/; sid:900928201; rev:1;) alert tcp $HOME_NET any -> [139.255.252.250] 64297 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.252.250/; sid:900928200; rev:1;) alert tcp $HOME_NET any -> [12.70.254.199] 60411 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.70.254.199/; sid:900928199; rev:1;) alert tcp $HOME_NET any -> [86.154.39.138] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.154.39.138/; sid:900928198; rev:1;) alert tcp $HOME_NET any -> [177.199.171.192] 64785 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.199.171.192/; sid:900928197; rev:1;) alert tcp $HOME_NET any -> [168.122.116.254] 51041 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.122.116.254/; sid:900928068; rev:1;) alert tcp $HOME_NET any -> [89.216.133.15] 1479 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.216.133.15/; sid:900928067; rev:1;) alert tcp $HOME_NET any -> [135.20.254.199] 12764 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.20.254.199/; sid:900928065; rev:1;) alert tcp $HOME_NET any -> [75.255.253.2] 21173 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.253.2/; sid:900928066; rev:1;) alert tcp $HOME_NET any -> [89.3.251.41] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.3.251.41/; sid:900928064; rev:1;) alert tcp $HOME_NET any -> [129.199.235.251] 64762 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.199.235.251/; sid:900928063; rev:1;) alert tcp $HOME_NET any -> [50.101.180.172] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.101.180.172/; sid:900927995; rev:1;) alert tcp $HOME_NET any -> [119.93.243.2] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.93.243.2/; sid:900927991; rev:1;) alert tcp $HOME_NET any -> [177.230.108.144] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.230.108.144/; sid:900927985; rev:1;) alert tcp $HOME_NET any -> [212.22.215.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.215.140/; sid:900927980; rev:1;) alert tcp $HOME_NET any -> [195.99.230.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.99.230.208/; sid:900927982; rev:1;) alert tcp $HOME_NET any -> [45.249.156.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.249.156.10/; sid:900927974; rev:1;) alert tcp $HOME_NET any -> [144.202.9.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.9.18/; sid:900927971; rev:1;) alert tcp $HOME_NET any -> [149.255.56.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.56.242/; sid:900927970; rev:1;) alert tcp $HOME_NET any -> [190.112.228.47] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.112.228.47/; sid:900927969; rev:1;) alert tcp $HOME_NET any -> [68.229.130.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.229.130.39/; sid:900927967; rev:1;) alert tcp $HOME_NET any -> [186.10.243.70] 8082 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.243.70/; sid:900621967; rev:1;) alert tcp $HOME_NET any -> [164.132.138.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.130/; sid:900621571; rev:1;) alert tcp $HOME_NET any -> [54.38.127.31] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.31/; sid:900621455; rev:1;) alert tcp $HOME_NET any -> [45.118.216.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.118.216.70/; sid:900913254; rev:1;) alert tcp $HOME_NET any -> [77.82.85.35] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.82.85.35/; sid:900913249; rev:1;) alert tcp $HOME_NET any -> [197.91.152.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.91.152.93/; sid:900913248; rev:1;) alert tcp $HOME_NET any -> [152.168.82.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.82.167/; sid:900913247; rev:1;) alert tcp $HOME_NET any -> [78.149.210.116] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.149.210.116/; sid:900913246; rev:1;) alert tcp $HOME_NET any -> [91.205.215.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.66/; sid:900913244; rev:1;) alert tcp $HOME_NET any -> [109.154.221.151] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.154.221.151/; sid:900913238; rev:1;) alert tcp $HOME_NET any -> [125.62.120.125] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.62.120.125/; sid:900913231; rev:1;) alert tcp $HOME_NET any -> [2.50.52.255] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.52.255/; sid:900913224; rev:1;) alert tcp $HOME_NET any -> [177.231.157.189] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.231.157.189/; sid:900913217; rev:1;) alert tcp $HOME_NET any -> [189.166.20.113] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.20.113/; sid:900913216; rev:1;) alert tcp $HOME_NET any -> [103.11.83.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.11.83.52/; sid:900913215; rev:1;) alert tcp $HOME_NET any -> [212.80.216.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.126/; sid:900621814; rev:1;) alert tcp $HOME_NET any -> [200.107.105.16] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.107.105.16/; sid:900907004; rev:1;) alert tcp $HOME_NET any -> [196.6.112.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.6.112.70/; sid:900906992; rev:1;) alert tcp $HOME_NET any -> [213.172.88.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.172.88.13/; sid:900906990; rev:1;) alert tcp $HOME_NET any -> [66.228.45.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.45.129/; sid:900906978; rev:1;) alert tcp $HOME_NET any -> [179.62.249.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.249.189/; sid:900906977; rev:1;) alert tcp $HOME_NET any -> [181.30.126.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.126.66/; sid:900906976; rev:1;) alert tcp $HOME_NET any -> [181.37.126.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.37.126.2/; sid:900906975; rev:1;) alert tcp $HOME_NET any -> [124.253.18.48] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.253.18.48/; sid:900906897; rev:1;) alert tcp $HOME_NET any -> [31.14.240.162] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.14.240.162/; sid:900906892; rev:1;) alert tcp $HOME_NET any -> [31.163.99.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.163.99.231/; sid:900906886; rev:1;) alert tcp $HOME_NET any -> [201.248.5.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.5.197/; sid:900906881; rev:1;) alert tcp $HOME_NET any -> [165.255.52.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.52.192/; sid:900906880; rev:1;) alert tcp $HOME_NET any -> [82.0.19.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.0.19.40/; sid:900906879; rev:1;) alert tcp $HOME_NET any -> [105.227.156.151] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.156.151/; sid:900895454; rev:1;) alert tcp $HOME_NET any -> [88.238.251.233] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.238.251.233/; sid:900895430; rev:1;) alert tcp $HOME_NET any -> [216.98.148.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.156/; sid:900895427; rev:1;) alert tcp $HOME_NET any -> [202.133.72.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.133.72.136/; sid:900895426; rev:1;) alert tcp $HOME_NET any -> [94.11.25.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.11.25.255/; sid:900895425; rev:1;) alert tcp $HOME_NET any -> [117.193.28.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.193.28.115/; sid:900895424; rev:1;) alert tcp $HOME_NET any -> [181.29.186.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.186.65/; sid:900891454; rev:1;) alert tcp $HOME_NET any -> [200.90.201.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.201.77/; sid:900891444; rev:1;) alert tcp $HOME_NET any -> [77.44.16.54] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.16.54/; sid:900891443; rev:1;) alert tcp $HOME_NET any -> [107.159.94.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.159.94.183/; sid:900891439; rev:1;) alert tcp $HOME_NET any -> [187.137.162.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.162.145/; sid:900891426; rev:1;) alert tcp $HOME_NET any -> [88.215.2.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.215.2.29/; sid:900891425; rev:1;) alert tcp $HOME_NET any -> [187.188.166.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.166.192/; sid:900891424; rev:1;) alert tcp $HOME_NET any -> [189.213.62.223] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.62.223/; sid:900891359; rev:1;) alert tcp $HOME_NET any -> [105.184.150.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.150.227/; sid:900891356; rev:1;) alert tcp $HOME_NET any -> [190.186.203.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.203.55/; sid:900891346; rev:1;) alert tcp $HOME_NET any -> [49.248.84.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.84.88/; sid:900891330; rev:1;) alert tcp $HOME_NET any -> [83.110.148.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.148.19/; sid:900891329; rev:1;) alert tcp $HOME_NET any -> [189.154.67.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.67.254/; sid:900891328; rev:1;) alert tcp $HOME_NET any -> [190.147.116.32] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.116.32/; sid:900889692; rev:1;) alert tcp $HOME_NET any -> [88.97.26.73] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.97.26.73/; sid:900889687; rev:1;) alert tcp $HOME_NET any -> [190.192.113.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.192.113.159/; sid:900889685; rev:1;) alert tcp $HOME_NET any -> [189.225.119.52] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.119.52/; sid:900889684; rev:1;) alert tcp $HOME_NET any -> [201.218.115.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.218.115.202/; sid:900889682; rev:1;) alert tcp $HOME_NET any -> [189.205.185.71] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.185.71/; sid:900889674; rev:1;) alert tcp $HOME_NET any -> [200.28.131.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.28.131.215/; sid:900889666; rev:1;) alert tcp $HOME_NET any -> [190.85.100.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.100.102/; sid:900889665; rev:1;) alert tcp $HOME_NET any -> [190.104.67.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.67.90/; sid:900889664; rev:1;) alert tcp $HOME_NET any -> [203.194.46.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.194.46.115/; sid:900887352; rev:1;) alert tcp $HOME_NET any -> [178.87.73.140] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.87.73.140/; sid:900887346; rev:1;) alert tcp $HOME_NET any -> [190.147.53.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.53.122/; sid:900887345; rev:1;) alert tcp $HOME_NET any -> [189.208.59.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.59.61/; sid:900887340; rev:1;) alert tcp $HOME_NET any -> [59.96.96.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.96.96.73/; sid:900887331; rev:1;) alert tcp $HOME_NET any -> [78.169.89.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.169.89.21/; sid:900887330; rev:1;) alert tcp $HOME_NET any -> [86.98.94.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.94.57/; sid:900887329; rev:1;) alert tcp $HOME_NET any -> [180.180.141.175] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.180.141.175/; sid:900886880; rev:1;) alert tcp $HOME_NET any -> [83.110.207.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.207.126/; sid:900886874; rev:1;) alert tcp $HOME_NET any -> [89.218.55.146] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.218.55.146/; sid:900886872; rev:1;) alert tcp $HOME_NET any -> [180.150.87.75] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.150.87.75/; sid:900886861; rev:1;) alert tcp $HOME_NET any -> [124.120.240.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.120.240.114/; sid:900886858; rev:1;) alert tcp $HOME_NET any -> [114.134.90.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.134.90.17/; sid:900886857; rev:1;) alert tcp $HOME_NET any -> [69.45.19.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.45.19.145/; sid:900886853; rev:1;) alert tcp $HOME_NET any -> [94.130.35.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.130.35.140/; sid:900886852; rev:1;) alert tcp $HOME_NET any -> [78.100.187.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.187.118/; sid:900886851; rev:1;) alert tcp $HOME_NET any -> [77.56.253.112] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.56.253.112/; sid:900886850; rev:1;) alert tcp $HOME_NET any -> [73.31.185.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.31.185.166/; sid:900886849; rev:1;) alert tcp $HOME_NET any -> [200.82.142.66] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.142.66/; sid:900884478; rev:1;) alert tcp $HOME_NET any -> [86.151.202.16] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.151.202.16/; sid:900884476; rev:1;) alert tcp $HOME_NET any -> [186.77.56.180] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.77.56.180/; sid:900884475; rev:1;) alert tcp $HOME_NET any -> [201.238.175.6] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.175.6/; sid:900884472; rev:1;) alert tcp $HOME_NET any -> [60.50.212.17] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.50.212.17/; sid:900884469; rev:1;) alert tcp $HOME_NET any -> [187.144.221.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.221.205/; sid:900884465; rev:1;) alert tcp $HOME_NET any -> [105.228.33.125] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.33.125/; sid:900884459; rev:1;) alert tcp $HOME_NET any -> [189.131.189.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.189.158/; sid:900884450; rev:1;) alert tcp $HOME_NET any -> [88.250.109.70] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.109.70/; sid:900884451; rev:1;) alert tcp $HOME_NET any -> [190.173.155.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.173.155.124/; sid:900884449; rev:1;) alert tcp $HOME_NET any -> [191.98.76.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.98.76.73/; sid:900884415; rev:1;) alert tcp $HOME_NET any -> [197.89.110.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.110.52/; sid:900884414; rev:1;) alert tcp $HOME_NET any -> [193.239.235.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.235.150/; sid:900884412; rev:1;) alert tcp $HOME_NET any -> [110.36.100.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.100.190/; sid:900884406; rev:1;) alert tcp $HOME_NET any -> [187.137.61.181] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.61.181/; sid:900884401; rev:1;) alert tcp $HOME_NET any -> [61.2.18.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.2.18.93/; sid:900884399; rev:1;) alert tcp $HOME_NET any -> [41.58.131.24] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.58.131.24/; sid:900884398; rev:1;) alert tcp $HOME_NET any -> [94.66.125.191] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.66.125.191/; sid:900884395; rev:1;) alert tcp $HOME_NET any -> [122.164.27.233] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.164.27.233/; sid:900884394; rev:1;) alert tcp $HOME_NET any -> [119.15.153.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.15.153.237/; sid:900884392; rev:1;) alert tcp $HOME_NET any -> [105.226.64.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.64.153/; sid:900884387; rev:1;) alert tcp $HOME_NET any -> [115.84.147.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.84.147.62/; sid:900884386; rev:1;) alert tcp $HOME_NET any -> [189.223.228.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.228.181/; sid:900884385; rev:1;) alert tcp $HOME_NET any -> [142.113.61.10] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.113.61.10/; sid:900879773; rev:1;) alert tcp $HOME_NET any -> [118.174.139.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.174.139.50/; sid:900879772; rev:1;) alert tcp $HOME_NET any -> [24.219.3.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.219.3.155/; sid:900879769; rev:1;) alert tcp $HOME_NET any -> [181.29.101.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.101.13/; sid:900879765; rev:1;) alert tcp $HOME_NET any -> [181.31.67.191] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.67.191/; sid:900879762; rev:1;) alert tcp $HOME_NET any -> [115.74.214.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.74.214.134/; sid:900879758; rev:1;) alert tcp $HOME_NET any -> [45.33.35.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.35.103/; sid:900879749; rev:1;) alert tcp $HOME_NET any -> [65.49.60.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.49.60.163/; sid:900879748; rev:1;) alert tcp $HOME_NET any -> [190.51.0.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.0.48/; sid:900879747; rev:1;) alert tcp $HOME_NET any -> [186.146.115.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.115.151/; sid:900879746; rev:1;) alert tcp $HOME_NET any -> [186.176.19.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.19.109/; sid:900879745; rev:1;) alert tcp $HOME_NET any -> [96.64.191.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.64.191.13/; sid:900879648; rev:1;) alert tcp $HOME_NET any -> [190.186.70.146] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.70.146/; sid:900879645; rev:1;) alert tcp $HOME_NET any -> [217.165.84.98] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.98/; sid:900879641; rev:1;) alert tcp $HOME_NET any -> [50.250.136.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.250.136.225/; sid:900879639; rev:1;) alert tcp $HOME_NET any -> [187.234.36.129] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.234.36.129/; sid:900879628; rev:1;) alert tcp $HOME_NET any -> [177.242.214.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.214.30/; sid:900879196; rev:1;) alert tcp $HOME_NET any -> [89.211.224.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.224.216/; sid:900879194; rev:1;) alert tcp $HOME_NET any -> [202.148.56.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.148.56.210/; sid:900879192; rev:1;) alert tcp $HOME_NET any -> [59.95.35.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.95.35.76/; sid:900879187; rev:1;) alert tcp $HOME_NET any -> [105.184.109.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.109.189/; sid:900879185; rev:1;) alert tcp $HOME_NET any -> [136.243.117.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.117.85/; sid:900879173; rev:1;) alert tcp $HOME_NET any -> [45.79.72.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.72.132/; sid:900879172; rev:1;) alert tcp $HOME_NET any -> [88.156.97.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.156.97.210/; sid:900879171; rev:1;) alert tcp $HOME_NET any -> [188.221.112.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.221.112.91/; sid:900879170; rev:1;) alert tcp $HOME_NET any -> [109.158.205.99] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.158.205.99/; sid:900879169; rev:1;) alert tcp $HOME_NET any -> [204.184.25.150] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.25.150/; sid:900877114; rev:1;) alert tcp $HOME_NET any -> [80.82.62.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.82.62.9/; sid:900877105; rev:1;) alert tcp $HOME_NET any -> [59.91.30.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.91.30.53/; sid:900877093; rev:1;) alert tcp $HOME_NET any -> [189.148.145.183] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.148.145.183/; sid:900877092; rev:1;) alert tcp $HOME_NET any -> [201.97.91.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.91.217/; sid:900877091; rev:1;) alert tcp $HOME_NET any -> [41.71.19.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.71.19.150/; sid:900877090; rev:1;) alert tcp $HOME_NET any -> [197.88.12.80] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.88.12.80/; sid:900872863; rev:1;) alert tcp $HOME_NET any -> [201.138.11.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.138.11.223/; sid:900872859; rev:1;) alert tcp $HOME_NET any -> [187.228.144.250] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.228.144.250/; sid:900872857; rev:1;) alert tcp $HOME_NET any -> [189.186.208.24] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.186.208.24/; sid:900872854; rev:1;) alert tcp $HOME_NET any -> [85.104.184.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.184.242/; sid:900872851; rev:1;) alert tcp $HOME_NET any -> [217.165.84.16] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.16/; sid:900872844; rev:1;) alert tcp $HOME_NET any -> [190.230.219.95] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.219.95/; sid:900872838; rev:1;) alert tcp $HOME_NET any -> [61.2.56.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.2.56.167/; sid:900872837; rev:1;) alert tcp $HOME_NET any -> [105.225.191.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.191.133/; sid:900872836; rev:1;) alert tcp $HOME_NET any -> [88.254.240.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.254.240.194/; sid:900872835; rev:1;) alert tcp $HOME_NET any -> [179.8.124.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.8.124.11/; sid:900872834; rev:1;) alert tcp $HOME_NET any -> [187.153.103.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.103.175/; sid:900870009; rev:1;) alert tcp $HOME_NET any -> [181.170.93.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.93.38/; sid:900869991; rev:1;) alert tcp $HOME_NET any -> [186.139.160.193] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.139.160.193/; sid:900869990; rev:1;) alert tcp $HOME_NET any -> [67.206.210.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.206.210.18/; sid:900869988; rev:1;) alert tcp $HOME_NET any -> [190.96.118.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.118.53/; sid:900869986; rev:1;) alert tcp $HOME_NET any -> [60.49.36.149] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.49.36.149/; sid:900869016; rev:1;) alert tcp $HOME_NET any -> [174.106.108.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.106.108.31/; sid:900869015; rev:1;) alert tcp $HOME_NET any -> [27.130.153.101] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.130.153.101/; sid:900869013; rev:1;) alert tcp $HOME_NET any -> [181.92.117.141] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.92.117.141/; sid:900869007; rev:1;) alert tcp $HOME_NET any -> [189.190.169.221] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.169.221/; sid:900868998; rev:1;) alert tcp $HOME_NET any -> [200.126.225.56] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.225.56/; sid:900868997; rev:1;) alert tcp $HOME_NET any -> [189.159.103.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.103.149/; sid:900868996; rev:1;) alert tcp $HOME_NET any -> [83.110.216.26] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.216.26/; sid:900868995; rev:1;) alert tcp $HOME_NET any -> [192.186.96.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.186.96.125/; sid:900868994; rev:1;) alert tcp $HOME_NET any -> [110.169.107.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.169.107.239/; sid:900868992; rev:1;) alert tcp $HOME_NET any -> [197.248.67.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.248.67.226/; sid:900868991; rev:1;) alert tcp $HOME_NET any -> [67.241.81.253] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.241.81.253/; sid:900868983; rev:1;) alert tcp $HOME_NET any -> [68.191.37.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.191.37.107/; sid:900868981; rev:1;) alert tcp $HOME_NET any -> [62.75.143.100] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.143.100/; sid:900868974; rev:1;) alert tcp $HOME_NET any -> [187.189.210.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.210.143/; sid:900868967; rev:1;) alert tcp $HOME_NET any -> [201.165.102.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.165.102.49/; sid:900868966; rev:1;) alert tcp $HOME_NET any -> [104.2.2.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.2.2.153/; sid:900868965; rev:1;) alert tcp $HOME_NET any -> [190.0.32.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.32.206/; sid:900868964; rev:1;) alert tcp $HOME_NET any -> [190.117.82.103] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.82.103/; sid:900868963; rev:1;) alert tcp $HOME_NET any -> [89.188.124.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.188.124.145/; sid:900868962; rev:1;) alert tcp $HOME_NET any -> [179.14.2.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.14.2.75/; sid:900868961; rev:1;) alert tcp $HOME_NET any -> [189.154.84.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.84.161/; sid:900868958; rev:1;) alert tcp $HOME_NET any -> [187.198.57.250] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.57.250/; sid:900868955; rev:1;) alert tcp $HOME_NET any -> [187.214.110.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.214.110.33/; sid:900868953; rev:1;) alert tcp $HOME_NET any -> [190.161.186.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.161.186.116/; sid:900868952; rev:1;) alert tcp $HOME_NET any -> [103.12.132.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.132.98/; sid:900868951; rev:1;) alert tcp $HOME_NET any -> [187.135.43.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.43.126/; sid:900868943; rev:1;) alert tcp $HOME_NET any -> [190.16.121.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.121.202/; sid:900868940; rev:1;) alert tcp $HOME_NET any -> [190.219.231.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.231.69/; sid:900868934; rev:1;) alert tcp $HOME_NET any -> [201.249.117.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.249.117.123/; sid:900868933; rev:1;) alert tcp $HOME_NET any -> [181.31.182.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.182.138/; sid:900868932; rev:1;) alert tcp $HOME_NET any -> [208.180.217.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.217.173/; sid:900868931; rev:1;) alert tcp $HOME_NET any -> [71.78.158.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.158.190/; sid:900868930; rev:1;) alert tcp $HOME_NET any -> [91.235.129.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.212/; sid:900621681; rev:1;) alert tcp $HOME_NET any -> [207.255.210.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.255.210.196/; sid:900864679; rev:1;) alert tcp $HOME_NET any -> [173.3.29.123] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.3.29.123/; sid:900864677; rev:1;) alert tcp $HOME_NET any -> [58.9.168.7] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.9.168.7/; sid:900864675; rev:1;) alert tcp $HOME_NET any -> [106.51.237.174] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.237.174/; sid:900861979; rev:1;) alert tcp $HOME_NET any -> [190.128.26.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.26.2/; sid:900861970; rev:1;) alert tcp $HOME_NET any -> [189.150.218.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.150.218.69/; sid:900861958; rev:1;) alert tcp $HOME_NET any -> [190.18.153.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.153.249/; sid:900861957; rev:1;) alert tcp $HOME_NET any -> [41.227.243.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.243.107/; sid:900861956; rev:1;) alert tcp $HOME_NET any -> [125.99.106.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.106.225/; sid:900861955; rev:1;) alert tcp $HOME_NET any -> [95.42.189.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.42.189.34/; sid:900861954; rev:1;) alert tcp $HOME_NET any -> [185.142.99.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.46/; sid:900621491; rev:1;) alert tcp $HOME_NET any -> [92.154.101.154] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.101.154/; sid:900852374; rev:1;) alert tcp $HOME_NET any -> [114.79.191.12] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.191.12/; sid:900852365; rev:1;) alert tcp $HOME_NET any -> [183.82.1.142] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.1.142/; sid:900852358; rev:1;) alert tcp $HOME_NET any -> [73.217.113.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.217.113.111/; sid:900852357; rev:1;) alert tcp $HOME_NET any -> [66.115.90.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.90.48/; sid:900852356; rev:1;) alert tcp $HOME_NET any -> [24.63.218.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.63.218.229/; sid:900852355; rev:1;) alert tcp $HOME_NET any -> [37.209.252.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.209.252.121/; sid:900852354; rev:1;) alert tcp $HOME_NET any -> [184.95.192.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.95.192.237/; sid:900852338; rev:1;) alert tcp $HOME_NET any -> [181.44.231.127] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.231.127/; sid:900852334; rev:1;) alert tcp $HOME_NET any -> [176.58.93.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.58.93.123/; sid:900852329; rev:1;) alert tcp $HOME_NET any -> [43.229.62.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.62.186/; sid:900852328; rev:1;) alert tcp $HOME_NET any -> [136.49.87.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.49.87.106/; sid:900852327; rev:1;) alert tcp $HOME_NET any -> [190.18.219.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.219.56/; sid:900852326; rev:1;) alert tcp $HOME_NET any -> [181.118.101.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.101.22/; sid:900852325; rev:1;) alert tcp $HOME_NET any -> [190.104.229.114] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.229.114/; sid:900852324; rev:1;) alert tcp $HOME_NET any -> [154.120.228.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.228.126/; sid:900852323; rev:1;) alert tcp $HOME_NET any -> [184.160.113.4] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.160.113.4/; sid:900852322; rev:1;) alert tcp $HOME_NET any -> [81.134.59.36] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.134.59.36/; sid:900850146; rev:1;) alert tcp $HOME_NET any -> [182.176.184.81] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.184.81/; sid:900850138; rev:1;) alert tcp $HOME_NET any -> [211.63.71.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.63.71.72/; sid:900849376; rev:1;) alert tcp $HOME_NET any -> [185.191.177.79] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.191.177.79/; sid:900849375; rev:1;) alert tcp $HOME_NET any -> [83.110.80.67] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.80.67/; sid:900849372; rev:1;) alert tcp $HOME_NET any -> [212.31.106.90] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.31.106.90/; sid:900849371; rev:1;) alert tcp $HOME_NET any -> [91.92.191.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.191.134/; sid:900849369; rev:1;) alert tcp $HOME_NET any -> [95.128.43.213] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.128.43.213/; sid:900849366; rev:1;) alert tcp $HOME_NET any -> [81.22.137.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.22.137.186/; sid:900849365; rev:1;) alert tcp $HOME_NET any -> [201.146.85.239] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.146.85.239/; sid:900849360; rev:1;) alert tcp $HOME_NET any -> [203.210.237.200] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.210.237.200/; sid:900849358; rev:1;) alert tcp $HOME_NET any -> [174.93.130.148] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.93.130.148/; sid:900849351; rev:1;) alert tcp $HOME_NET any -> [175.100.138.82] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.100.138.82/; sid:900849350; rev:1;) alert tcp $HOME_NET any -> [2.50.4.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.4.159/; sid:900849349; rev:1;) alert tcp $HOME_NET any -> [94.250.55.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.55.138/; sid:900849348; rev:1;) alert tcp $HOME_NET any -> [171.101.196.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.101.196.138/; sid:900849347; rev:1;) alert tcp $HOME_NET any -> [189.155.72.127] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.72.127/; sid:900848607; rev:1;) alert tcp $HOME_NET any -> [86.42.246.197] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.246.197/; sid:900848599; rev:1;) alert tcp $HOME_NET any -> [181.39.51.243] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.51.243/; sid:900848597; rev:1;) alert tcp $HOME_NET any -> [162.243.125.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.125.212/; sid:900848585; rev:1;) alert tcp $HOME_NET any -> [104.236.135.119] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.135.119/; sid:900848584; rev:1;) alert tcp $HOME_NET any -> [82.226.163.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.226.163.9/; sid:900848338; rev:1;) alert tcp $HOME_NET any -> [99.243.127.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.243.127.236/; sid:900848329; rev:1;) alert tcp $HOME_NET any -> [74.36.4.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.36.4.206/; sid:900848328; rev:1;) alert tcp $HOME_NET any -> [216.221.73.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.221.73.45/; sid:900848327; rev:1;) alert tcp $HOME_NET any -> [200.114.142.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.142.40/; sid:900848326; rev:1;) alert tcp $HOME_NET any -> [181.15.177.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.177.100/; sid:900848325; rev:1;) alert tcp $HOME_NET any -> [181.129.83.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.83.122/; sid:900848324; rev:1;) alert tcp $HOME_NET any -> [181.170.252.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.252.83/; sid:900848323; rev:1;) alert tcp $HOME_NET any -> [59.91.24.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.91.24.244/; sid:900846717; rev:1;) alert tcp $HOME_NET any -> [187.207.136.230] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.136.230/; sid:900846716; rev:1;) alert tcp $HOME_NET any -> [95.65.206.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.65.206.248/; sid:900846711; rev:1;) alert tcp $HOME_NET any -> [103.11.82.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.11.82.67/; sid:900846695; rev:1;) alert tcp $HOME_NET any -> [217.165.126.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.126.204/; sid:900846694; rev:1;) alert tcp $HOME_NET any -> [66.50.29.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.50.29.185/; sid:900846692; rev:1;) alert tcp $HOME_NET any -> [187.192.60.158] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.60.158/; sid:900841531; rev:1;) alert tcp $HOME_NET any -> [189.236.193.173] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.193.173/; sid:900841514; rev:1;) alert tcp $HOME_NET any -> [86.42.253.213] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.253.213/; sid:900841513; rev:1;) alert tcp $HOME_NET any -> [187.136.144.197] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.136.144.197/; sid:900841512; rev:1;) alert tcp $HOME_NET any -> [189.155.152.129] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.152.129/; sid:900841511; rev:1;) alert tcp $HOME_NET any -> [188.48.145.96] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.48.145.96/; sid:900841510; rev:1;) alert tcp $HOME_NET any -> [189.250.182.236] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.182.236/; sid:900841509; rev:1;) alert tcp $HOME_NET any -> [186.71.61.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.94/; sid:900841508; rev:1;) alert tcp $HOME_NET any -> [190.48.129.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.48.129.88/; sid:900841507; rev:1;) alert tcp $HOME_NET any -> [105.185.141.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.185.141.205/; sid:900838769; rev:1;) alert tcp $HOME_NET any -> [200.125.222.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.222.34/; sid:900838759; rev:1;) alert tcp $HOME_NET any -> [186.183.141.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.183.141.17/; sid:900838758; rev:1;) alert tcp $HOME_NET any -> [200.123.135.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.135.17/; sid:900838757; rev:1;) alert tcp $HOME_NET any -> [109.194.50.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.194.50.231/; sid:900838755; rev:1;) alert tcp $HOME_NET any -> [201.212.49.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.49.246/; sid:900834259; rev:1;) alert tcp $HOME_NET any -> [190.112.197.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.112.197.130/; sid:900833960; rev:1;) alert tcp $HOME_NET any -> [186.19.36.126] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.36.126/; sid:900833958; rev:1;) alert tcp $HOME_NET any -> [186.64.175.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.175.137/; sid:900833957; rev:1;) alert tcp $HOME_NET any -> [189.252.15.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.15.206/; sid:900833771; rev:1;) alert tcp $HOME_NET any -> [179.12.193.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.12.193.156/; sid:900833770; rev:1;) alert tcp $HOME_NET any -> [189.159.143.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.143.134/; sid:900833769; rev:1;) alert tcp $HOME_NET any -> [86.205.224.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.205.224.234/; sid:900833767; rev:1;) alert tcp $HOME_NET any -> [189.189.175.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.175.174/; sid:900833766; rev:1;) alert tcp $HOME_NET any -> [47.202.17.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.202.17.6/; sid:900833765; rev:1;) alert tcp $HOME_NET any -> [174.64.239.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.64.239.8/; sid:900833764; rev:1;) alert tcp $HOME_NET any -> [174.109.4.153] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.109.4.153/; sid:900833738; rev:1;) alert tcp $HOME_NET any -> [200.125.190.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.190.126/; sid:900833737; rev:1;) alert tcp $HOME_NET any -> [204.138.46.166] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.138.46.166/; sid:900833736; rev:1;) alert tcp $HOME_NET any -> [190.121.143.147] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.121.143.147/; sid:900833735; rev:1;) alert tcp $HOME_NET any -> [82.73.220.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.73.220.225/; sid:900833734; rev:1;) alert tcp $HOME_NET any -> [186.5.100.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.5.100.92/; sid:900833733; rev:1;) alert tcp $HOME_NET any -> [115.75.36.220] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.75.36.220/; sid:900833732; rev:1;) alert tcp $HOME_NET any -> [63.77.201.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.77.201.245/; sid:900833663; rev:1;) alert tcp $HOME_NET any -> [212.122.71.196] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.122.71.196/; sid:900833653; rev:1;) alert tcp $HOME_NET any -> [190.211.207.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.211.207.11/; sid:900833649; rev:1;) alert tcp $HOME_NET any -> [181.23.229.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.23.229.192/; sid:900833640; rev:1;) alert tcp $HOME_NET any -> [37.210.168.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.168.251/; sid:900833639; rev:1;) alert tcp $HOME_NET any -> [72.161.250.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.161.250.4/; sid:900833638; rev:1;) alert tcp $HOME_NET any -> [189.230.171.255] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.230.171.255/; sid:900833637; rev:1;) alert tcp $HOME_NET any -> [201.97.58.156] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.58.156/; sid:900833636; rev:1;) alert tcp $HOME_NET any -> [86.98.222.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.222.202/; sid:900833571; rev:1;) alert tcp $HOME_NET any -> [31.167.109.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.109.122/; sid:900833565; rev:1;) alert tcp $HOME_NET any -> [201.236.95.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.95.82/; sid:900833562; rev:1;) alert tcp $HOME_NET any -> [47.180.177.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.177.96/; sid:900833554; rev:1;) alert tcp $HOME_NET any -> [190.51.51.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.51.93/; sid:900833551; rev:1;) alert tcp $HOME_NET any -> [73.183.131.231] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.183.131.231/; sid:900833549; rev:1;) alert tcp $HOME_NET any -> [201.212.91.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.91.189/; sid:900833546; rev:1;) alert tcp $HOME_NET any -> [173.177.157.7] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.177.157.7/; sid:900833537; rev:1;) alert tcp $HOME_NET any -> [189.250.145.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.145.98/; sid:900833533; rev:1;) alert tcp $HOME_NET any -> [190.185.241.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.185.241.151/; sid:900833528; rev:1;) alert tcp $HOME_NET any -> [71.43.73.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.73.58/; sid:900833512; rev:1;) alert tcp $HOME_NET any -> [162.104.1.255] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.104.1.255/; sid:900833511; rev:1;) alert tcp $HOME_NET any -> [24.137.254.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.137.254.148/; sid:900833510; rev:1;) alert tcp $HOME_NET any -> [71.88.106.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.88.106.124/; sid:900833509; rev:1;) alert tcp $HOME_NET any -> [200.116.26.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.26.234/; sid:900833508; rev:1;) alert tcp $HOME_NET any -> [200.21.51.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.51.30/; sid:900621979; rev:1;) alert tcp $HOME_NET any -> [37.44.212.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.195/; sid:900621593; rev:1;) alert tcp $HOME_NET any -> [173.247.238.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.247.238.184/; sid:900621351; rev:1;) alert tcp $HOME_NET any -> [181.57.193.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.193.10/; sid:900829846; rev:1;) alert tcp $HOME_NET any -> [70.57.82.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.82.196/; sid:900829845; rev:1;) alert tcp $HOME_NET any -> [80.115.91.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.115.91.222/; sid:900829844; rev:1;) alert tcp $HOME_NET any -> [41.220.119.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.220.119.246/; sid:900829843; rev:1;) alert tcp $HOME_NET any -> [50.80.248.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.80.248.108/; sid:900829842; rev:1;) alert tcp $HOME_NET any -> [187.233.152.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.152.78/; sid:900829841; rev:1;) alert tcp $HOME_NET any -> [190.146.214.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.214.85/; sid:900829815; rev:1;) alert tcp $HOME_NET any -> [190.15.198.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.198.47/; sid:900829814; rev:1;) alert tcp $HOME_NET any -> [186.3.188.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.188.74/; sid:900829813; rev:1;) alert tcp $HOME_NET any -> [190.117.206.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.206.153/; sid:900829812; rev:1;) alert tcp $HOME_NET any -> [190.146.86.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.86.180/; sid:900829811; rev:1;) alert tcp $HOME_NET any -> [187.207.188.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.188.248/; sid:900829810; rev:1;) alert tcp $HOME_NET any -> [82.78.228.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.228.57/; sid:900829809; rev:1;) alert tcp $HOME_NET any -> [76.168.149.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.168.149.66/; sid:900828698; rev:1;) alert tcp $HOME_NET any -> [71.182.128.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.182.128.166/; sid:900828697; rev:1;) alert tcp $HOME_NET any -> [201.239.154.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.239.154.191/; sid:900828696; rev:1;) alert tcp $HOME_NET any -> [64.9.43.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.9.43.60/; sid:900828695; rev:1;) alert tcp $HOME_NET any -> [64.46.91.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.46.91.165/; sid:900828694; rev:1;) alert tcp $HOME_NET any -> [67.248.56.82] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.248.56.82/; sid:900828693; rev:1;) alert tcp $HOME_NET any -> [189.209.217.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.209.217.49/; sid:900828692; rev:1;) alert tcp $HOME_NET any -> [160.3.238.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.3.238.131/; sid:900828691; rev:1;) alert tcp $HOME_NET any -> [190.97.219.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.219.241/; sid:900828690; rev:1;) alert tcp $HOME_NET any -> [201.220.152.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.152.101/; sid:900828689; rev:1;) alert tcp $HOME_NET any -> [91.205.215.57] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.57/; sid:900828452; rev:1;) alert tcp $HOME_NET any -> [109.73.52.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.73.52.242/; sid:900828449; rev:1;) alert tcp $HOME_NET any -> [139.59.19.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.19.157/; sid:900828443; rev:1;) alert tcp $HOME_NET any -> [181.228.211.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.211.100/; sid:900828437; rev:1;) alert tcp $HOME_NET any -> [207.134.207.44] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.134.207.44/; sid:900828436; rev:1;) alert tcp $HOME_NET any -> [181.40.122.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.40.122.122/; sid:900828435; rev:1;) alert tcp $HOME_NET any -> [152.171.65.137] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.171.65.137/; sid:900828434; rev:1;) alert tcp $HOME_NET any -> [181.198.203.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.203.150/; sid:900828433; rev:1;) alert tcp $HOME_NET any -> [200.113.185.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.185.229/; sid:900828255; rev:1;) alert tcp $HOME_NET any -> [45.33.49.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.49.124/; sid:900828256; rev:1;) alert tcp $HOME_NET any -> [185.94.252.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.3/; sid:900828251; rev:1;) alert tcp $HOME_NET any -> [108.188.116.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.188.116.179/; sid:900828246; rev:1;) alert tcp $HOME_NET any -> [24.243.101.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.101.134/; sid:900828245; rev:1;) alert tcp $HOME_NET any -> [90.219.97.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.219.97.38/; sid:900828244; rev:1;) alert tcp $HOME_NET any -> [200.50.185.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.185.54/; sid:900828243; rev:1;) alert tcp $HOME_NET any -> [62.217.133.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.217.133.100/; sid:900828241; rev:1;) alert tcp $HOME_NET any -> [70.184.97.144] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.97.144/; sid:900825790; rev:1;) alert tcp $HOME_NET any -> [190.210.3.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.3.93/; sid:900825789; rev:1;) alert tcp $HOME_NET any -> [71.11.157.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.11.157.249/; sid:900825788; rev:1;) alert tcp $HOME_NET any -> [50.246.45.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.246.45.249/; sid:900825787; rev:1;) alert tcp $HOME_NET any -> [181.197.2.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.2.252/; sid:900825786; rev:1;) alert tcp $HOME_NET any -> [64.87.26.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.87.26.17/; sid:900825544; rev:1;) alert tcp $HOME_NET any -> [94.183.129.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.129.173/; sid:900825541; rev:1;) alert tcp $HOME_NET any -> [182.180.92.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.92.102/; sid:900825540; rev:1;) alert tcp $HOME_NET any -> [67.209.208.130] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.208.130/; sid:900825539; rev:1;) alert tcp $HOME_NET any -> [187.189.195.208] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.195.208/; sid:900825538; rev:1;) alert tcp $HOME_NET any -> [103.39.131.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.39.131.88/; sid:900825536; rev:1;) alert tcp $HOME_NET any -> [86.239.117.57] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.239.117.57/; sid:900825537; rev:1;) alert tcp $HOME_NET any -> [45.36.20.17] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.20.17/; sid:900825535; rev:1;) alert tcp $HOME_NET any -> [201.192.156.113] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.156.113/; sid:900823324; rev:1;) alert tcp $HOME_NET any -> [187.188.83.52] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.83.52/; sid:900823303; rev:1;) alert tcp $HOME_NET any -> [186.179.80.99] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.80.99/; sid:900823302; rev:1;) alert tcp $HOME_NET any -> [69.2.162.139] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.2.162.139/; sid:900823301; rev:1;) alert tcp $HOME_NET any -> [27.72.113.79] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.72.113.79/; sid:900823300; rev:1;) alert tcp $HOME_NET any -> [70.15.236.247] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.15.236.247/; sid:900823299; rev:1;) alert tcp $HOME_NET any -> [58.171.215.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.215.214/; sid:900823298; rev:1;) alert tcp $HOME_NET any -> [211.63.34.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.63.34.183/; sid:900823297; rev:1;) alert tcp $HOME_NET any -> [174.56.47.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.56.47.59/; sid:900823296; rev:1;) alert tcp $HOME_NET any -> [201.253.238.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.253.238.50/; sid:900823295; rev:1;) alert tcp $HOME_NET any -> [213.107.110.253] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.107.110.253/; sid:900823268; rev:1;) alert tcp $HOME_NET any -> [105.224.170.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.170.35/; sid:900823267; rev:1;) alert tcp $HOME_NET any -> [190.85.38.226] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.38.226/; sid:900823266; rev:1;) alert tcp $HOME_NET any -> [190.92.48.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.48.253/; sid:900823265; rev:1;) alert tcp $HOME_NET any -> [186.15.83.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.83.52/; sid:900823264; rev:1;) alert tcp $HOME_NET any -> [190.193.141.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.141.52/; sid:900823263; rev:1;) alert tcp $HOME_NET any -> [181.61.221.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.221.146/; sid:900813557; rev:1;) alert tcp $HOME_NET any -> [70.57.24.230] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.24.230/; sid:900813556; rev:1;) alert tcp $HOME_NET any -> [89.211.193.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.193.18/; sid:900813555; rev:1;) alert tcp $HOME_NET any -> [70.28.22.105] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.22.105/; sid:900813554; rev:1;) alert tcp $HOME_NET any -> [178.78.64.80] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.78.64.80/; sid:900813553; rev:1;) alert tcp $HOME_NET any -> [64.13.225.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.13.225.150/; sid:900813371; rev:1;) alert tcp $HOME_NET any -> [87.106.139.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.139.101/; sid:900813379; rev:1;) alert tcp $HOME_NET any -> [187.176.44.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.44.226/; sid:900813367; rev:1;) alert tcp $HOME_NET any -> [175.107.228.236] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.228.236/; sid:900813365; rev:1;) alert tcp $HOME_NET any -> [85.104.59.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.59.244/; sid:900813366; rev:1;) alert tcp $HOME_NET any -> [206.53.93.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.53.93.6/; sid:900813364; rev:1;) alert tcp $HOME_NET any -> [186.43.57.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.43.57.143/; sid:900813363; rev:1;) alert tcp $HOME_NET any -> [62.151.17.5] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.151.17.5/; sid:900813362; rev:1;) alert tcp $HOME_NET any -> [186.4.234.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.234.27/; sid:900813361; rev:1;) alert tcp $HOME_NET any -> [37.44.212.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.94/; sid:900621820; rev:1;) alert tcp $HOME_NET any -> [189.151.39.229] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.151.39.229/; sid:900810453; rev:1;) alert tcp $HOME_NET any -> [24.234.249.226] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.249.226/; sid:900810452; rev:1;) alert tcp $HOME_NET any -> [200.51.94.251] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.51.94.251/; sid:900810451; rev:1;) alert tcp $HOME_NET any -> [186.177.30.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.30.6/; sid:900810450; rev:1;) alert tcp $HOME_NET any -> [190.108.216.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.216.107/; sid:900810229; rev:1;) alert tcp $HOME_NET any -> [103.209.65.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.209.65.42/; sid:900810228; rev:1;) alert tcp $HOME_NET any -> [24.61.139.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.61.139.70/; sid:900810227; rev:1;) alert tcp $HOME_NET any -> [110.172.188.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.188.120/; sid:900810226; rev:1;) alert tcp $HOME_NET any -> [41.57.104.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.57.104.182/; sid:900810225; rev:1;) alert tcp $HOME_NET any -> [201.220.83.133] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.83.133/; sid:900806095; rev:1;) alert tcp $HOME_NET any -> [75.104.218.201] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.104.218.201/; sid:900806091; rev:1;) alert tcp $HOME_NET any -> [187.142.0.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.142.0.234/; sid:900806089; rev:1;) alert tcp $HOME_NET any -> [177.242.51.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.51.8/; sid:900806080; rev:1;) alert tcp $HOME_NET any -> [186.43.207.22] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.43.207.22/; sid:900806074; rev:1;) alert tcp $HOME_NET any -> [186.113.255.229] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.255.229/; sid:900806073; rev:1;) alert tcp $HOME_NET any -> [189.156.39.161] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.156.39.161/; sid:900806072; rev:1;) alert tcp $HOME_NET any -> [187.209.46.240] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.209.46.240/; sid:900806071; rev:1;) alert tcp $HOME_NET any -> [189.153.60.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.153.60.187/; sid:900806070; rev:1;) alert tcp $HOME_NET any -> [199.36.199.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.36.199.104/; sid:900806069; rev:1;) alert tcp $HOME_NET any -> [186.86.199.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.199.79/; sid:900806067; rev:1;) alert tcp $HOME_NET any -> [40.134.64.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.134.64.58/; sid:900806068; rev:1;) alert tcp $HOME_NET any -> [181.209.169.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.209.169.123/; sid:900806066; rev:1;) alert tcp $HOME_NET any -> [190.46.30.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.46.30.14/; sid:900806065; rev:1;) alert tcp $HOME_NET any -> [71.224.174.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.224.174.17/; sid:900805958; rev:1;) alert tcp $HOME_NET any -> [182.184.72.199] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.184.72.199/; sid:900805956; rev:1;) alert tcp $HOME_NET any -> [133.242.156.30] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.242.156.30/; sid:900805948; rev:1;) alert tcp $HOME_NET any -> [203.143.86.111] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.143.86.111/; sid:900805947; rev:1;) alert tcp $HOME_NET any -> [213.191.168.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.191.168.93/; sid:900805946; rev:1;) alert tcp $HOME_NET any -> [88.225.223.211] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.223.211/; sid:900805945; rev:1;) alert tcp $HOME_NET any -> [189.141.175.53] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.175.53/; sid:900805944; rev:1;) alert tcp $HOME_NET any -> [201.119.12.225] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.119.12.225/; sid:900805943; rev:1;) alert tcp $HOME_NET any -> [189.154.126.105] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.126.105/; sid:900805942; rev:1;) alert tcp $HOME_NET any -> [94.200.157.250] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.157.250/; sid:900805941; rev:1;) alert tcp $HOME_NET any -> [66.115.86.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.86.249/; sid:900805940; rev:1;) alert tcp $HOME_NET any -> [70.119.86.15] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.86.15/; sid:900805939; rev:1;) alert tcp $HOME_NET any -> [103.101.59.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.101.59.2/; sid:900805938; rev:1;) alert tcp $HOME_NET any -> [189.142.143.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.142.143.187/; sid:900805937; rev:1;) alert tcp $HOME_NET any -> [200.55.136.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.55.136.2/; sid:900805913; rev:1;) alert tcp $HOME_NET any -> [23.240.26.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.240.26.210/; sid:900805909; rev:1;) alert tcp $HOME_NET any -> [190.117.51.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.51.248/; sid:900805908; rev:1;) alert tcp $HOME_NET any -> [181.16.4.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.4.180/; sid:900805907; rev:1;) alert tcp $HOME_NET any -> [164.77.138.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.77.138.194/; sid:900805906; rev:1;) alert tcp $HOME_NET any -> [104.33.204.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.33.204.83/; sid:900805905; rev:1;) alert tcp $HOME_NET any -> [80.167.67.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.167.67.247/; sid:900804195; rev:1;) alert tcp $HOME_NET any -> [110.93.230.101] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.93.230.101/; sid:900804194; rev:1;) alert tcp $HOME_NET any -> [118.32.221.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.32.221.23/; sid:900803752; rev:1;) alert tcp $HOME_NET any -> [78.188.105.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.105.159/; sid:900803749; rev:1;) alert tcp $HOME_NET any -> [41.87.168.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.87.168.158/; sid:900803744; rev:1;) alert tcp $HOME_NET any -> [42.115.105.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.115.105.246/; sid:900803738; rev:1;) alert tcp $HOME_NET any -> [103.107.27.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.107.27.129/; sid:900803737; rev:1;) alert tcp $HOME_NET any -> [59.103.164.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.103.164.174/; sid:900803736; rev:1;) alert tcp $HOME_NET any -> [103.224.157.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.224.157.244/; sid:900803735; rev:1;) alert tcp $HOME_NET any -> [103.53.44.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.53.44.20/; sid:900803734; rev:1;) alert tcp $HOME_NET any -> [111.91.71.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.91.71.164/; sid:900803733; rev:1;) alert tcp $HOME_NET any -> [217.165.127.223] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.127.223/; sid:900803732; rev:1;) alert tcp $HOME_NET any -> [71.91.105.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.91.105.254/; sid:900803731; rev:1;) alert tcp $HOME_NET any -> [97.123.191.36] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.123.191.36/; sid:900803730; rev:1;) alert tcp $HOME_NET any -> [189.188.140.179] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.188.140.179/; sid:900803618; rev:1;) alert tcp $HOME_NET any -> [186.23.186.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.186.99/; sid:900803610; rev:1;) alert tcp $HOME_NET any -> [143.0.245.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.0.245.169/; sid:900803609; rev:1;) alert tcp $HOME_NET any -> [85.105.205.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.205.77/; sid:900803608; rev:1;) alert tcp $HOME_NET any -> [190.111.215.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.111.215.2/; sid:900803607; rev:1;) alert tcp $HOME_NET any -> [201.213.72.74] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.72.74/; sid:900803606; rev:1;) alert tcp $HOME_NET any -> [190.188.207.72] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.188.207.72/; sid:900803605; rev:1;) alert tcp $HOME_NET any -> [201.251.12.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.12.153/; sid:900803604; rev:1;) alert tcp $HOME_NET any -> [201.184.224.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.224.178/; sid:900803603; rev:1;) alert tcp $HOME_NET any -> [95.44.198.249] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.44.198.249/; sid:900803602; rev:1;) alert tcp $HOME_NET any -> [74.56.155.43] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.56.155.43/; sid:900803601; rev:1;) alert tcp $HOME_NET any -> [190.117.202.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.202.39/; sid:900801075; rev:1;) alert tcp $HOME_NET any -> [201.233.19.23] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.233.19.23/; sid:900801070; rev:1;) alert tcp $HOME_NET any -> [209.217.209.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.217.209.214/; sid:900801067; rev:1;) alert tcp $HOME_NET any -> [75.149.91.249] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.149.91.249/; sid:900801063; rev:1;) alert tcp $HOME_NET any -> [181.140.37.228] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.140.37.228/; sid:900801057; rev:1;) alert tcp $HOME_NET any -> [201.231.209.16] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.209.16/; sid:900801056; rev:1;) alert tcp $HOME_NET any -> [216.8.171.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.171.214/; sid:900801055; rev:1;) alert tcp $HOME_NET any -> [117.218.17.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.218.17.6/; sid:900801054; rev:1;) alert tcp $HOME_NET any -> [190.47.158.127] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.158.127/; sid:900801053; rev:1;) alert tcp $HOME_NET any -> [200.116.70.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.70.135/; sid:900801052; rev:1;) alert tcp $HOME_NET any -> [60.254.45.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.254.45.78/; sid:900801051; rev:1;) alert tcp $HOME_NET any -> [96.20.94.194] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.94.194/; sid:900801050; rev:1;) alert tcp $HOME_NET any -> [181.175.60.255] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.60.255/; sid:900801049; rev:1;) alert tcp $HOME_NET any -> [152.168.211.207] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.211.207/; sid:900801048; rev:1;) alert tcp $HOME_NET any -> [190.131.155.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.131.155.107/; sid:900795350; rev:1;) alert tcp $HOME_NET any -> [87.75.117.133] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.75.117.133/; sid:900795346; rev:1;) alert tcp $HOME_NET any -> [85.164.23.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.164.23.34/; sid:900795340; rev:1;) alert tcp $HOME_NET any -> [116.58.22.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.58.22.75/; sid:900795334; rev:1;) alert tcp $HOME_NET any -> [200.125.28.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.28.214/; sid:900795329; rev:1;) alert tcp $HOME_NET any -> [192.250.16.124] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.250.16.124/; sid:900795328; rev:1;) alert tcp $HOME_NET any -> [98.144.73.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.144.73.193/; sid:900795327; rev:1;) alert tcp $HOME_NET any -> [187.163.222.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.222.244/; sid:900795326; rev:1;) alert tcp $HOME_NET any -> [190.77.126.30] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.77.126.30/; sid:900795325; rev:1;) alert tcp $HOME_NET any -> [74.95.133.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.95.133.5/; sid:900795324; rev:1;) alert tcp $HOME_NET any -> [2.50.177.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.177.244/; sid:900795323; rev:1;) alert tcp $HOME_NET any -> [190.219.182.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.182.18/; sid:900795322; rev:1;) alert tcp $HOME_NET any -> [186.71.61.92] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.92/; sid:900795321; rev:1;) alert tcp $HOME_NET any -> [108.58.73.115] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.58.73.115/; sid:900795320; rev:1;) alert tcp $HOME_NET any -> [104.220.134.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.220.134.222/; sid:900795095; rev:1;) alert tcp $HOME_NET any -> [104.58.17.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.58.17.163/; sid:900795093; rev:1;) alert tcp $HOME_NET any -> [173.164.202.129] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.164.202.129/; sid:900795092; rev:1;) alert tcp $HOME_NET any -> [74.195.15.29] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.195.15.29/; sid:900795091; rev:1;) alert tcp $HOME_NET any -> [71.215.247.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.215.247.43/; sid:900795090; rev:1;) alert tcp $HOME_NET any -> [108.51.109.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.51.109.34/; sid:900795088; rev:1;) alert tcp $HOME_NET any -> [50.192.4.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.192.4.161/; sid:900795086; rev:1;) alert tcp $HOME_NET any -> [206.15.68.84] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.15.68.84/; sid:900795081; rev:1;) alert tcp $HOME_NET any -> [72.91.227.119] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.91.227.119/; sid:900795079; rev:1;) alert tcp $HOME_NET any -> [181.61.253.171] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.253.171/; sid:900795077; rev:1;) alert tcp $HOME_NET any -> [108.183.160.57] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.183.160.57/; sid:900795076; rev:1;) alert tcp $HOME_NET any -> [70.100.118.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.100.118.224/; sid:900795073; rev:1;) alert tcp $HOME_NET any -> [75.109.110.102] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.109.110.102/; sid:900795072; rev:1;) alert tcp $HOME_NET any -> [24.209.31.102] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.209.31.102/; sid:900795070; rev:1;) alert tcp $HOME_NET any -> [70.91.215.57] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.91.215.57/; sid:900795071; rev:1;) alert tcp $HOME_NET any -> [104.129.188.170] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.129.188.170/; sid:900795069; rev:1;) alert tcp $HOME_NET any -> [67.42.71.66] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.42.71.66/; sid:900795068; rev:1;) alert tcp $HOME_NET any -> [70.119.159.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.119.159.214/; sid:900795067; rev:1;) alert tcp $HOME_NET any -> [148.103.9.108] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.9.108/; sid:900795066; rev:1;) alert tcp $HOME_NET any -> [187.188.148.16] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.148.16/; sid:900795065; rev:1;) alert tcp $HOME_NET any -> [39.61.49.128] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/39.61.49.128/; sid:900795064; rev:1;) alert tcp $HOME_NET any -> [76.73.184.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.73.184.103/; sid:900792660; rev:1;) alert tcp $HOME_NET any -> [70.168.116.204] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.168.116.204/; sid:900792658; rev:1;) alert tcp $HOME_NET any -> [96.64.59.185] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.64.59.185/; sid:900792655; rev:1;) alert tcp $HOME_NET any -> [66.57.47.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.57.47.2/; sid:900792652; rev:1;) alert tcp $HOME_NET any -> [96.56.206.155] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.56.206.155/; sid:900792653; rev:1;) alert tcp $HOME_NET any -> [88.249.85.118] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.85.118/; sid:900792651; rev:1;) alert tcp $HOME_NET any -> [47.50.17.78] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.50.17.78/; sid:900792650; rev:1;) alert tcp $HOME_NET any -> [72.132.106.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.132.106.183/; sid:900792649; rev:1;) alert tcp $HOME_NET any -> [73.185.67.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.185.67.141/; sid:900792648; rev:1;) alert tcp $HOME_NET any -> [70.118.9.166] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.9.166/; sid:900792646; rev:1;) alert tcp $HOME_NET any -> [71.175.108.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.175.108.209/; sid:900792644; rev:1;) alert tcp $HOME_NET any -> [189.236.80.172] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.80.172/; sid:900792641; rev:1;) alert tcp $HOME_NET any -> [192.186.96.124] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.186.96.124/; sid:900792640; rev:1;) alert tcp $HOME_NET any -> [66.115.89.239] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.89.239/; sid:900792639; rev:1;) alert tcp $HOME_NET any -> [189.166.121.19] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.121.19/; sid:900792638; rev:1;) alert tcp $HOME_NET any -> [67.238.131.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.238.131.194/; sid:900792637; rev:1;) alert tcp $HOME_NET any -> [24.232.118.175] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.118.175/; sid:900792636; rev:1;) alert tcp $HOME_NET any -> [190.47.64.245] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.64.245/; sid:900792635; rev:1;) alert tcp $HOME_NET any -> [24.189.222.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.189.222.181/; sid:900792634; rev:1;) alert tcp $HOME_NET any -> [71.78.24.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.24.146/; sid:900792633; rev:1;) alert tcp $HOME_NET any -> [216.119.181.170] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.119.181.170/; sid:900792632; rev:1;) alert tcp $HOME_NET any -> [70.45.30.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.45.30.28/; sid:900792183; rev:1;) alert tcp $HOME_NET any -> [132.248.18.45] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.248.18.45/; sid:900792182; rev:1;) alert tcp $HOME_NET any -> [70.24.147.203] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.24.147.203/; sid:900792181; rev:1;) alert tcp $HOME_NET any -> [190.110.239.130] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.110.239.130/; sid:900792177; rev:1;) alert tcp $HOME_NET any -> [68.149.151.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.149.151.102/; sid:900792176; rev:1;) alert tcp $HOME_NET any -> [216.81.19.67] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.81.19.67/; sid:900792173; rev:1;) alert tcp $HOME_NET any -> [181.39.66.29] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.66.29/; sid:900792171; rev:1;) alert tcp $HOME_NET any -> [101.187.168.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.168.2/; sid:900792170; rev:1;) alert tcp $HOME_NET any -> [84.45.230.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.45.230.228/; sid:900792169; rev:1;) alert tcp $HOME_NET any -> [181.164.241.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.241.251/; sid:900792168; rev:1;) alert tcp $HOME_NET any -> [187.208.214.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.208.214.53/; sid:900792167; rev:1;) alert tcp $HOME_NET any -> [187.232.31.68] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.232.31.68/; sid:900792166; rev:1;) alert tcp $HOME_NET any -> [187.153.217.39] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.217.39/; sid:900792165; rev:1;) alert tcp $HOME_NET any -> [189.236.96.21] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.96.21/; sid:900792161; rev:1;) alert tcp $HOME_NET any -> [105.227.228.7] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.228.7/; sid:900792160; rev:1;) alert tcp $HOME_NET any -> [187.209.66.50] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.209.66.50/; sid:900792159; rev:1;) alert tcp $HOME_NET any -> [181.30.61.163] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.61.163/; sid:900792158; rev:1;) alert tcp $HOME_NET any -> [190.47.153.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.153.46/; sid:900792157; rev:1;) alert tcp $HOME_NET any -> [189.135.82.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.135.82.225/; sid:900792155; rev:1;) alert tcp $HOME_NET any -> [187.146.243.126] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.146.243.126/; sid:900792156; rev:1;) alert tcp $HOME_NET any -> [197.232.52.70] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.232.52.70/; sid:900792154; rev:1;) alert tcp $HOME_NET any -> [190.159.143.96] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.159.143.96/; sid:900792153; rev:1;) alert tcp $HOME_NET any -> [201.142.199.76] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.142.199.76/; sid:900792152; rev:1;) alert tcp $HOME_NET any -> [173.76.44.152] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.76.44.152/; sid:900790999; rev:1;) alert tcp $HOME_NET any -> [181.143.53.227] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.53.227/; sid:900790998; rev:1;) alert tcp $HOME_NET any -> [24.11.67.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.11.67.222/; sid:900790997; rev:1;) alert tcp $HOME_NET any -> [74.80.16.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.80.16.10/; sid:900790996; rev:1;) alert tcp $HOME_NET any -> [73.124.73.90] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.124.73.90/; sid:900790995; rev:1;) alert tcp $HOME_NET any -> [172.114.175.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.114.175.156/; sid:900790994; rev:1;) alert tcp $HOME_NET any -> [154.72.75.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.72.75.82/; sid:900790988; rev:1;) alert tcp $HOME_NET any -> [189.234.165.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.234.165.149/; sid:900790987; rev:1;) alert tcp $HOME_NET any -> [98.157.215.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.157.215.153/; sid:900790985; rev:1;) alert tcp $HOME_NET any -> [181.119.30.27] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.27/; sid:900790983; rev:1;) alert tcp $HOME_NET any -> [216.49.114.172] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.49.114.172/; sid:900790981; rev:1;) alert tcp $HOME_NET any -> [69.136.227.134] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.136.227.134/; sid:900790980; rev:1;) alert tcp $HOME_NET any -> [190.215.53.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.215.53.85/; sid:900790977; rev:1;) alert tcp $HOME_NET any -> [71.240.202.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.240.202.13/; sid:900790976; rev:1;) alert tcp $HOME_NET any -> [186.179.243.7] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.243.7/; sid:900790975; rev:1;) alert tcp $HOME_NET any -> [5.107.161.71] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.107.161.71/; sid:900790974; rev:1;) alert tcp $HOME_NET any -> [50.224.156.190] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.224.156.190/; sid:900790973; rev:1;) alert tcp $HOME_NET any -> [5.107.250.192] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.107.250.192/; sid:900790972; rev:1;) alert tcp $HOME_NET any -> [187.233.136.39] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.136.39/; sid:900790971; rev:1;) alert tcp $HOME_NET any -> [175.101.79.120] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.101.79.120/; sid:900790970; rev:1;) alert tcp $HOME_NET any -> [70.164.196.211] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.164.196.211/; sid:900790969; rev:1;) alert tcp $HOME_NET any -> [71.91.161.118] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.91.161.118/; sid:900790968; rev:1;) alert tcp $HOME_NET any -> [182.76.6.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.76.6.2/; sid:900790070; rev:1;) alert tcp $HOME_NET any -> [46.197.87.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.197.87.227/; sid:900790065; rev:1;) alert tcp $HOME_NET any -> [181.39.51.242] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.51.242/; sid:900790061; rev:1;) alert tcp $HOME_NET any -> [78.189.143.75] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.143.75/; sid:900790053; rev:1;) alert tcp $HOME_NET any -> [213.119.28.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.119.28.126/; sid:900790052; rev:1;) alert tcp $HOME_NET any -> [190.220.33.82] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.33.82/; sid:900790049; rev:1;) alert tcp $HOME_NET any -> [51.77.108.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.108.93/; sid:900790047; rev:1;) alert tcp $HOME_NET any -> [50.45.208.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.45.208.50/; sid:900790045; rev:1;) alert tcp $HOME_NET any -> [173.21.26.90] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.26.90/; sid:900790044; rev:1;) alert tcp $HOME_NET any -> [201.239.126.253] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.239.126.253/; sid:900789846; rev:1;) alert tcp $HOME_NET any -> [117.218.253.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.218.253.157/; sid:900789845; rev:1;) alert tcp $HOME_NET any -> [47.157.230.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.157.230.41/; sid:900789841; rev:1;) alert tcp $HOME_NET any -> [66.228.228.211] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.228.211/; sid:900789835; rev:1;) alert tcp $HOME_NET any -> [208.189.3.60] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.189.3.60/; sid:900789832; rev:1;) alert tcp $HOME_NET any -> [70.30.252.174] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.30.252.174/; sid:900789831; rev:1;) alert tcp $HOME_NET any -> [117.4.245.5] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.4.245.5/; sid:900789828; rev:1;) alert tcp $HOME_NET any -> [201.156.42.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.156.42.238/; sid:900789826; rev:1;) alert tcp $HOME_NET any -> [189.154.100.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.100.228/; sid:900789820; rev:1;) alert tcp $HOME_NET any -> [97.121.198.2] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.121.198.2/; sid:900789819; rev:1;) alert tcp $HOME_NET any -> [190.248.133.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.248.133.18/; sid:900789818; rev:1;) alert tcp $HOME_NET any -> [190.144.66.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.66.30/; sid:900789814; rev:1;) alert tcp $HOME_NET any -> [189.208.239.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.239.98/; sid:900789808; rev:1;) alert tcp $HOME_NET any -> [186.138.205.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.205.189/; sid:900789793; rev:1;) alert tcp $HOME_NET any -> [173.248.147.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.248.147.186/; sid:900789792; rev:1;) alert tcp $HOME_NET any -> [184.161.177.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.161.177.223/; sid:900789791; rev:1;) alert tcp $HOME_NET any -> [105.225.179.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.179.102/; sid:900789790; rev:1;) alert tcp $HOME_NET any -> [186.96.198.72] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.96.198.72/; sid:900789789; rev:1;) alert tcp $HOME_NET any -> [70.28.3.120] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.3.120/; sid:900789788; rev:1;) alert tcp $HOME_NET any -> [201.220.140.190] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.220.140.190/; sid:900789787; rev:1;) alert tcp $HOME_NET any -> [190.171.105.158] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.105.158/; sid:900789786; rev:1;) alert tcp $HOME_NET any -> [187.201.31.46] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.201.31.46/; sid:900789785; rev:1;) alert tcp $HOME_NET any -> [85.105.215.241] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.215.241/; sid:900789784; rev:1;) alert tcp $HOME_NET any -> [75.183.130.158] 8082 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.183.130.158/; sid:900621974; rev:1;) alert tcp $HOME_NET any -> [181.164.25.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.25.28/; sid:900787002; rev:1;) alert tcp $HOME_NET any -> [200.116.200.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.200.136/; sid:900787001; rev:1;) alert tcp $HOME_NET any -> [190.186.110.202] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.110.202/; sid:900786999; rev:1;) alert tcp $HOME_NET any -> [50.195.236.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.195.236.117/; sid:900786996; rev:1;) alert tcp $HOME_NET any -> [104.200.80.44] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.200.80.44/; sid:900786995; rev:1;) alert tcp $HOME_NET any -> [69.170.237.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.170.237.82/; sid:900786991; rev:1;) alert tcp $HOME_NET any -> [187.146.255.151] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.146.255.151/; sid:900786989; rev:1;) alert tcp $HOME_NET any -> [24.194.252.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.194.252.25/; sid:900786987; rev:1;) alert tcp $HOME_NET any -> [116.58.87.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.58.87.8/; sid:900786981; rev:1;) alert tcp $HOME_NET any -> [181.15.224.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.224.57/; sid:900786973; rev:1;) alert tcp $HOME_NET any -> [184.101.191.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.101.191.86/; sid:900786972; rev:1;) alert tcp $HOME_NET any -> [108.190.34.69] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.190.34.69/; sid:900786946; rev:1;) alert tcp $HOME_NET any -> [96.234.162.118] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.234.162.118/; sid:900786943; rev:1;) alert tcp $HOME_NET any -> [75.97.212.250] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.97.212.250/; sid:900786937; rev:1;) alert tcp $HOME_NET any -> [107.13.149.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.13.149.212/; sid:900786933; rev:1;) alert tcp $HOME_NET any -> [47.187.38.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.187.38.245/; sid:900786917; rev:1;) alert tcp $HOME_NET any -> [2.96.48.32] 56056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.96.48.32/; sid:900784987; rev:1;) alert tcp $HOME_NET any -> [208.82.45.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.82.45.8/; sid:900781563; rev:1;) alert tcp $HOME_NET any -> [72.214.54.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.214.54.39/; sid:900781553; rev:1;) alert tcp $HOME_NET any -> [201.151.157.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.151.157.61/; sid:900781552; rev:1;) alert tcp $HOME_NET any -> [71.7.15.240] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.7.15.240/; sid:900781541; rev:1;) alert tcp $HOME_NET any -> [208.107.52.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.107.52.29/; sid:900781540; rev:1;) alert tcp $HOME_NET any -> [189.225.165.11] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.165.11/; sid:900781537; rev:1;) alert tcp $HOME_NET any -> [97.100.88.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.100.88.65/; sid:900781533; rev:1;) alert tcp $HOME_NET any -> [24.173.121.154] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.173.121.154/; sid:900781532; rev:1;) alert tcp $HOME_NET any -> [174.96.7.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.7.155/; sid:900781530; rev:1;) alert tcp $HOME_NET any -> [169.0.85.74] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.85.74/; sid:900781528; rev:1;) alert tcp $HOME_NET any -> [50.80.9.93] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.80.9.93/; sid:900781526; rev:1;) alert tcp $HOME_NET any -> [187.151.226.219] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.151.226.219/; sid:900781522; rev:1;) alert tcp $HOME_NET any -> [64.87.26.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.87.26.16/; sid:900781517; rev:1;) alert tcp $HOME_NET any -> [174.79.240.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.79.240.46/; sid:900781515; rev:1;) alert tcp $HOME_NET any -> [70.55.70.230] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.70.230/; sid:900781514; rev:1;) alert tcp $HOME_NET any -> [189.163.137.10] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.137.10/; sid:900781513; rev:1;) alert tcp $HOME_NET any -> [68.192.249.20] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.192.249.20/; sid:900780601; rev:1;) alert tcp $HOME_NET any -> [75.69.2.222] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.69.2.222/; sid:900780600; rev:1;) alert tcp $HOME_NET any -> [190.40.100.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.40.100.7/; sid:900780594; rev:1;) alert tcp $HOME_NET any -> [189.222.174.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.174.85/; sid:900780591; rev:1;) alert tcp $HOME_NET any -> [66.57.212.114] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.57.212.114/; sid:900780589; rev:1;) alert tcp $HOME_NET any -> [207.119.180.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.119.180.154/; sid:900780588; rev:1;) alert tcp $HOME_NET any -> [184.186.222.145] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.186.222.145/; sid:900780586; rev:1;) alert tcp $HOME_NET any -> [75.164.190.148] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.164.190.148/; sid:900780575; rev:1;) alert tcp $HOME_NET any -> [138.94.252.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.94.252.226/; sid:900780574; rev:1;) alert tcp $HOME_NET any -> [64.17.83.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.17.83.46/; sid:900780569; rev:1;) alert tcp $HOME_NET any -> [108.16.93.238] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.16.93.238/; sid:900780549; rev:1;) alert tcp $HOME_NET any -> [54.36.119.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.119.105/; sid:900780548; rev:1;) alert tcp $HOME_NET any -> [187.137.106.175] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.106.175/; sid:900780547; rev:1;) alert tcp $HOME_NET any -> [189.156.244.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.156.244.117/; sid:900780546; rev:1;) alert tcp $HOME_NET any -> [201.110.114.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.114.161/; sid:900780545; rev:1;) alert tcp $HOME_NET any -> [75.132.60.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.132.60.192/; sid:900780544; rev:1;) alert tcp $HOME_NET any -> [190.180.44.175] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.44.175/; sid:900780543; rev:1;) alert tcp $HOME_NET any -> [201.143.123.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.123.254/; sid:900780542; rev:1;) alert tcp $HOME_NET any -> [184.188.136.215] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.188.136.215/; sid:900780541; rev:1;) alert tcp $HOME_NET any -> [189.252.59.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.59.243/; sid:900780540; rev:1;) alert tcp $HOME_NET any -> [173.167.83.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.167.83.97/; sid:900780534; rev:1;) alert tcp $HOME_NET any -> [75.99.239.150] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.239.150/; sid:900780532; rev:1;) alert tcp $HOME_NET any -> [103.119.144.250] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.119.144.250/; sid:900621973; rev:1;) alert tcp $HOME_NET any -> [71.244.183.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.244.183.150/; sid:900780526; rev:1;) alert tcp $HOME_NET any -> [201.137.255.80] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.255.80/; sid:900780347; rev:1;) alert tcp $HOME_NET any -> [65.29.214.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.29.214.70/; sid:900780343; rev:1;) alert tcp $HOME_NET any -> [201.137.254.209] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.254.209/; sid:900780341; rev:1;) alert tcp $HOME_NET any -> [47.204.55.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.204.55.229/; sid:900780340; rev:1;) alert tcp $HOME_NET any -> [201.164.251.76] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.164.251.76/; sid:900780339; rev:1;) alert tcp $HOME_NET any -> [190.194.4.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.194.4.221/; sid:900780338; rev:1;) alert tcp $HOME_NET any -> [24.201.132.122] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.201.132.122/; sid:900780337; rev:1;) alert tcp $HOME_NET any -> [181.168.123.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.168.123.241/; sid:900779931; rev:1;) alert tcp $HOME_NET any -> [72.137.188.42] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.137.188.42/; sid:900779926; rev:1;) alert tcp $HOME_NET any -> [73.115.132.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.115.132.124/; sid:900779916; rev:1;) alert tcp $HOME_NET any -> [189.130.56.200] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.130.56.200/; sid:900779910; rev:1;) alert tcp $HOME_NET any -> [186.137.133.132] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.133.132/; sid:900779909; rev:1;) alert tcp $HOME_NET any -> [186.176.27.230] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.27.230/; sid:900779908; rev:1;) alert tcp $HOME_NET any -> [24.219.3.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.219.3.156/; sid:900779907; rev:1;) alert tcp $HOME_NET any -> [200.27.55.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.27.55.100/; sid:900779906; rev:1;) alert tcp $HOME_NET any -> [71.183.45.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.183.45.61/; sid:900779905; rev:1;) alert tcp $HOME_NET any -> [183.87.87.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.87.73/; sid:900779904; rev:1;) alert tcp $HOME_NET any -> [186.103.141.250] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.103.141.250/; sid:900779903; rev:1;) alert tcp $HOME_NET any -> [41.60.202.26] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.60.202.26/; sid:900779902; rev:1;) alert tcp $HOME_NET any -> [74.59.106.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.59.106.11/; sid:900779901; rev:1;) alert tcp $HOME_NET any -> [187.153.90.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.90.98/; sid:900779898; rev:1;) alert tcp $HOME_NET any -> [110.36.217.66] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.217.66/; sid:900779880; rev:1;) alert tcp $HOME_NET any -> [12.154.104.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.154.104.17/; sid:900779879; rev:1;) alert tcp $HOME_NET any -> [197.245.16.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.245.16.149/; sid:900779878; rev:1;) alert tcp $HOME_NET any -> [173.8.8.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.8.8.73/; sid:900779876; rev:1;) alert tcp $HOME_NET any -> [187.138.90.97] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.138.90.97/; sid:900779875; rev:1;) alert tcp $HOME_NET any -> [12.235.180.10] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.235.180.10/; sid:900779874; rev:1;) alert tcp $HOME_NET any -> [167.114.210.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.210.191/; sid:900779873; rev:1;) alert tcp $HOME_NET any -> [147.135.210.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.135.210.39/; sid:900779872; rev:1;) alert tcp $HOME_NET any -> [180.250.197.188] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.250.197.188/; sid:900622057; rev:1;) alert tcp $HOME_NET any -> [82.65.72.67] 21075 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.65.72.67/; sid:900779167; rev:1;) alert tcp $HOME_NET any -> [67.69.80.83] 16713 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.69.80.83/; sid:900779166; rev:1;) alert tcp $HOME_NET any -> [67.166.132.100] 1293 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.166.132.100/; sid:900779165; rev:1;) alert tcp $HOME_NET any -> [4.110.106.248] 27424 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.248/; sid:900779164; rev:1;) alert tcp $HOME_NET any -> [4.110.106.168] 27344 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.168/; sid:900779163; rev:1;) alert tcp $HOME_NET any -> [4.110.106.88] 27264 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.88/; sid:900779162; rev:1;) alert tcp $HOME_NET any -> [4.110.106.8] 27184 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.106.8/; sid:900779161; rev:1;) alert tcp $HOME_NET any -> [4.110.105.184] 27104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.110.105.184/; sid:900779160; rev:1;) alert tcp $HOME_NET any -> [72.22.5.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.22.5.242/; sid:900776791; rev:1;) alert tcp $HOME_NET any -> [78.188.44.240] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.44.240/; sid:900776786; rev:1;) alert tcp $HOME_NET any -> [50.249.129.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.249.129.30/; sid:900776789; rev:1;) alert tcp $HOME_NET any -> [166.78.243.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.78.243.43/; sid:900776784; rev:1;) alert tcp $HOME_NET any -> [66.169.58.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.169.58.13/; sid:900776783; rev:1;) alert tcp $HOME_NET any -> [24.120.175.91] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.120.175.91/; sid:900776782; rev:1;) alert tcp $HOME_NET any -> [190.83.219.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.83.219.98/; sid:900776778; rev:1;) alert tcp $HOME_NET any -> [172.221.195.97] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.221.195.97/; sid:900776777; rev:1;) alert tcp $HOME_NET any -> [81.21.87.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.21.87.18/; sid:900776776; rev:1;) alert tcp $HOME_NET any -> [97.106.81.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.106.81.243/; sid:900776774; rev:1;) alert tcp $HOME_NET any -> [69.124.216.247] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.124.216.247/; sid:900776773; rev:1;) alert tcp $HOME_NET any -> [85.96.199.181] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.96.199.181/; sid:900776772; rev:1;) alert tcp $HOME_NET any -> [50.82.84.35] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.82.84.35/; sid:900776771; rev:1;) alert tcp $HOME_NET any -> [97.76.139.138] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.76.139.138/; sid:900776770; rev:1;) alert tcp $HOME_NET any -> [69.248.153.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.248.153.50/; sid:900776769; rev:1;) alert tcp $HOME_NET any -> [181.16.135.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.135.40/; sid:900776768; rev:1;) alert tcp $HOME_NET any -> [24.146.210.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.146.210.108/; sid:900776767; rev:1;) alert tcp $HOME_NET any -> [95.10.12.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.10.12.151/; sid:900775606; rev:1;) alert tcp $HOME_NET any -> [96.60.95.245] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.60.95.245/; sid:900775585; rev:1;) alert tcp $HOME_NET any -> [189.131.93.44] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.93.44/; sid:900775583; rev:1;) alert tcp $HOME_NET any -> [96.47.92.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.47.92.60/; sid:900775581; rev:1;) alert tcp $HOME_NET any -> [216.201.162.158] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.201.162.158/; sid:900775580; rev:1;) alert tcp $HOME_NET any -> [67.249.245.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.249.245.159/; sid:900775579; rev:1;) alert tcp $HOME_NET any -> [98.0.245.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.245.234/; sid:900775578; rev:1;) alert tcp $HOME_NET any -> [82.14.53.90] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.14.53.90/; sid:900775577; rev:1;) alert tcp $HOME_NET any -> [66.216.234.131] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.216.234.131/; sid:900775576; rev:1;) alert tcp $HOME_NET any -> [51.77.109.38] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.109.38/; sid:900775415; rev:1;) alert tcp $HOME_NET any -> [190.34.215.74] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.34.215.74/; sid:900775413; rev:1;) alert tcp $HOME_NET any -> [78.186.71.119] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.71.119/; sid:900775411; rev:1;) alert tcp $HOME_NET any -> [75.139.212.94] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.139.212.94/; sid:900775410; rev:1;) alert tcp $HOME_NET any -> [187.167.66.31] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.167.66.31/; sid:900775407; rev:1;) alert tcp $HOME_NET any -> [187.243.193.143] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.243.193.143/; sid:900775401; rev:1;) alert tcp $HOME_NET any -> [187.153.108.92] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.108.92/; sid:900775399; rev:1;) alert tcp $HOME_NET any -> [189.249.2.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.249.2.181/; sid:900775398; rev:1;) alert tcp $HOME_NET any -> [181.164.188.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.188.27/; sid:900775396; rev:1;) alert tcp $HOME_NET any -> [187.178.89.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.89.60/; sid:900775393; rev:1;) alert tcp $HOME_NET any -> [179.62.226.22] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.226.22/; sid:900775391; rev:1;) alert tcp $HOME_NET any -> [190.55.118.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.118.192/; sid:900775390; rev:1;) alert tcp $HOME_NET any -> [187.137.46.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.46.18/; sid:900775389; rev:1;) alert tcp $HOME_NET any -> [71.174.233.71] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.174.233.71/; sid:900775388; rev:1;) alert tcp $HOME_NET any -> [200.110.85.138] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.110.85.138/; sid:900775387; rev:1;) alert tcp $HOME_NET any -> [64.32.70.194] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.32.70.194/; sid:900775386; rev:1;) alert tcp $HOME_NET any -> [187.131.137.216] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.131.137.216/; sid:900775385; rev:1;) alert tcp $HOME_NET any -> [174.84.250.37] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.84.250.37/; sid:900775384; rev:1;) alert tcp $HOME_NET any -> [190.183.39.78] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.39.78/; sid:900774805; rev:1;) alert tcp $HOME_NET any -> [118.130.116.170] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.130.116.170/; sid:900774803; rev:1;) alert tcp $HOME_NET any -> [50.93.34.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.93.34.66/; sid:900774802; rev:1;) alert tcp $HOME_NET any -> [61.76.180.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.76.180.18/; sid:900774790; rev:1;) alert tcp $HOME_NET any -> [71.42.166.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.42.166.139/; sid:900774788; rev:1;) alert tcp $HOME_NET any -> [174.56.183.132] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.56.183.132/; sid:900774787; rev:1;) alert tcp $HOME_NET any -> [182.23.3.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.23.3.227/; sid:900774780; rev:1;) alert tcp $HOME_NET any -> [155.186.224.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.186.224.38/; sid:900774777; rev:1;) alert tcp $HOME_NET any -> [67.254.13.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.254.13.154/; sid:900774776; rev:1;) alert tcp $HOME_NET any -> [115.97.108.67] 115 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.97.108.67/; sid:900773687; rev:1;) alert tcp $HOME_NET any -> [173.68.169.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.68.169.16/; sid:900773518; rev:1;) alert tcp $HOME_NET any -> [201.137.6.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.6.108/; sid:900773502; rev:1;) alert tcp $HOME_NET any -> [186.10.76.19] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.76.19/; sid:900773501; rev:1;) alert tcp $HOME_NET any -> [201.184.67.10] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.67.10/; sid:900773500; rev:1;) alert tcp $HOME_NET any -> [187.163.204.187] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.204.187/; sid:900773499; rev:1;) alert tcp $HOME_NET any -> [210.79.77.131] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.79.77.131/; sid:900773498; rev:1;) alert tcp $HOME_NET any -> [186.42.119.26] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.119.26/; sid:900773497; rev:1;) alert tcp $HOME_NET any -> [100.35.190.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.35.190.8/; sid:900772596; rev:1;) alert tcp $HOME_NET any -> [204.197.152.162] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.197.152.162/; sid:900772594; rev:1;) alert tcp $HOME_NET any -> [38.27.109.250] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.27.109.250/; sid:900772582; rev:1;) alert tcp $HOME_NET any -> [70.123.237.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.123.237.77/; sid:900772576; rev:1;) alert tcp $HOME_NET any -> [173.63.66.10] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.63.66.10/; sid:900772575; rev:1;) alert tcp $HOME_NET any -> [159.118.77.61] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.118.77.61/; sid:900772574; rev:1;) alert tcp $HOME_NET any -> [86.98.45.135] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.45.135/; sid:900772573; rev:1;) alert tcp $HOME_NET any -> [67.20.236.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.20.236.21/; sid:900772567; rev:1;) alert tcp $HOME_NET any -> [96.37.137.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.37.137.42/; sid:900771318; rev:1;) alert tcp $HOME_NET any -> [97.96.130.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.96.130.176/; sid:900771315; rev:1;) alert tcp $HOME_NET any -> [40.132.40.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.132.40.83/; sid:900771316; rev:1;) alert tcp $HOME_NET any -> [24.228.124.151] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.228.124.151/; sid:900771314; rev:1;) alert tcp $HOME_NET any -> [79.75.233.224] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.75.233.224/; sid:900771311; rev:1;) alert tcp $HOME_NET any -> [184.54.110.31] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.54.110.31/; sid:900771307; rev:1;) alert tcp $HOME_NET any -> [12.195.47.98] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.195.47.98/; sid:900771306; rev:1;) alert tcp $HOME_NET any -> [76.94.226.173] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.94.226.173/; sid:900771302; rev:1;) alert tcp $HOME_NET any -> [181.1.124.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.1.124.16/; sid:900771301; rev:1;) alert tcp $HOME_NET any -> [98.175.156.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.175.156.154/; sid:900771296; rev:1;) alert tcp $HOME_NET any -> [47.224.42.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.224.42.17/; sid:900771295; rev:1;) alert tcp $HOME_NET any -> [24.155.49.236] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.155.49.236/; sid:900771294; rev:1;) alert tcp $HOME_NET any -> [104.228.227.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.228.227.210/; sid:900771293; rev:1;) alert tcp $HOME_NET any -> [50.245.173.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.245.173.58/; sid:900771292; rev:1;) alert tcp $HOME_NET any -> [189.236.235.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.235.73/; sid:900771291; rev:1;) alert tcp $HOME_NET any -> [76.113.130.72] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.113.130.72/; sid:900771290; rev:1;) alert tcp $HOME_NET any -> [63.227.80.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.227.80.10/; sid:900771289; rev:1;) alert tcp $HOME_NET any -> [98.31.4.186] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.31.4.186/; sid:900771288; rev:1;) alert tcp $HOME_NET any -> [70.184.86.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.86.103/; sid:900771287; rev:1;) alert tcp $HOME_NET any -> [110.105.32.115] 24950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.105.32.115/; sid:900771028; rev:1;) alert tcp $HOME_NET any -> [97.32.111.116] 25443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.111.116/; sid:900771027; rev:1;) alert tcp $HOME_NET any -> [32.115.101.104] 29281 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.115.101.104/; sid:900770898; rev:1;) alert tcp $HOME_NET any -> [32.121.116.112] 24941 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.121.116.112/; sid:900770897; rev:1;) alert tcp $HOME_NET any -> [104.99.116.97] 28448 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.99.116.97/; sid:900770895; rev:1;) alert tcp $HOME_NET any -> [46.116.99.101] 2570 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.116.99.101/; sid:900770896; rev:1;) alert tcp $HOME_NET any -> [115.110.114.117] 24864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.110.114.117/; sid:900770894; rev:1;) alert tcp $HOME_NET any -> [114.111.116.97] 29216 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.111.116.97/; sid:900770893; rev:1;) alert tcp $HOME_NET any -> [32.101.104.116] 29801 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.101.104.116/; sid:900770892; rev:1;) alert tcp $HOME_NET any -> [116.97.109.32] 26723 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.97.109.32/; sid:900770891; rev:1;) alert tcp $HOME_NET any -> [32.114.111.70] 24933 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.114.111.70/; sid:900770890; rev:1;) alert tcp $HOME_NET any -> [110.105.114.116] 11879 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.105.114.116/; sid:900770889; rev:1;) alert tcp $HOME_NET any -> [32.32.32.32] 8224 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.32.32.32/; sid:900770888; rev:1;) alert tcp $HOME_NET any -> [116.32.110.105] 25960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.32.110.105/; sid:900770887; rev:1;) alert tcp $HOME_NET any -> [99.116.97.109] 25960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.116.97.109/; sid:900770886; rev:1;) alert tcp $HOME_NET any -> [112.112.97.108] 28265 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.112.97.108/; sid:900770885; rev:1;) alert tcp $HOME_NET any -> [196.131.2.96] 33548 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.2.96/; sid:900770756; rev:1;) alert tcp $HOME_NET any -> [80.82.81.88] 5631 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.82.81.88/; sid:900770755; rev:1;) alert tcp $HOME_NET any -> [200.114.142.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.142.15/; sid:900770110; rev:1;) alert tcp $HOME_NET any -> [98.238.127.216] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.238.127.216/; sid:900770103; rev:1;) alert tcp $HOME_NET any -> [201.124.46.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.124.46.8/; sid:900770092; rev:1;) alert tcp $HOME_NET any -> [186.15.180.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.180.71/; sid:900770091; rev:1;) alert tcp $HOME_NET any -> [162.247.42.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.42.61/; sid:900770090; rev:1;) alert tcp $HOME_NET any -> [201.183.238.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.238.18/; sid:900770089; rev:1;) alert tcp $HOME_NET any -> [70.24.147.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.24.147.245/; sid:900770087; rev:1;) alert tcp $HOME_NET any -> [189.251.40.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.251.40.71/; sid:900770086; rev:1;) alert tcp $HOME_NET any -> [208.180.246.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.246.147/; sid:900770085; rev:1;) alert tcp $HOME_NET any -> [88.225.226.91] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.225.226.91/; sid:900770084; rev:1;) alert tcp $HOME_NET any -> [179.62.48.123] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.48.123/; sid:900770083; rev:1;) alert tcp $HOME_NET any -> [82.218.163.254] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.218.163.254/; sid:900769510; rev:1;) alert tcp $HOME_NET any -> [71.40.213.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.40.213.82/; sid:900769505; rev:1;) alert tcp $HOME_NET any -> [168.226.35.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.226.35.218/; sid:900769503; rev:1;) alert tcp $HOME_NET any -> [174.96.202.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.202.70/; sid:900769500; rev:1;) alert tcp $HOME_NET any -> [190.85.8.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.8.155/; sid:900769495; rev:1;) alert tcp $HOME_NET any -> [190.191.218.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.218.44/; sid:900769494; rev:1;) alert tcp $HOME_NET any -> [98.189.192.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.189.192.183/; sid:900769484; rev:1;) alert tcp $HOME_NET any -> [70.118.28.174] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.118.28.174/; sid:900769483; rev:1;) alert tcp $HOME_NET any -> [189.147.12.211] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.147.12.211/; sid:900769482; rev:1;) alert tcp $HOME_NET any -> [190.92.58.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.58.150/; sid:900769481; rev:1;) alert tcp $HOME_NET any -> [94.155.113.12] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.155.113.12/; sid:900769480; rev:1;) alert tcp $HOME_NET any -> [190.154.155.34] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.155.34/; sid:900769479; rev:1;) alert tcp $HOME_NET any -> [129.24.37.8] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.24.37.8/; sid:900769475; rev:1;) alert tcp $HOME_NET any -> [50.198.42.246] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.198.42.246/; sid:900769463; rev:1;) alert tcp $HOME_NET any -> [87.106.210.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.210.123/; sid:900769472; rev:1;) alert tcp $HOME_NET any -> [86.98.217.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.217.63/; sid:900769455; rev:1;) alert tcp $HOME_NET any -> [181.119.30.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.36/; sid:900769454; rev:1;) alert tcp $HOME_NET any -> [181.119.30.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.28/; sid:900769453; rev:1;) alert tcp $HOME_NET any -> [63.116.14.206] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.116.14.206/; sid:900769452; rev:1;) alert tcp $HOME_NET any -> [216.255.17.231] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.255.17.231/; sid:900769450; rev:1;) alert tcp $HOME_NET any -> [64.19.74.49] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.19.74.49/; sid:900769448; rev:1;) alert tcp $HOME_NET any -> [201.122.94.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.122.94.84/; sid:900768773; rev:1;) alert tcp $HOME_NET any -> [186.10.243.34] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.243.34/; sid:900768772; rev:1;) alert tcp $HOME_NET any -> [123.168.4.66] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.168.4.66/; sid:900768769; rev:1;) alert tcp $HOME_NET any -> [187.148.77.84] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.77.84/; sid:900768767; rev:1;) alert tcp $HOME_NET any -> [181.56.165.97] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.56.165.97/; sid:900768765; rev:1;) alert tcp $HOME_NET any -> [186.68.100.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.100.2/; sid:900768764; rev:1;) alert tcp $HOME_NET any -> [209.159.244.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.159.244.240/; sid:900768763; rev:1;) alert tcp $HOME_NET any -> [23.233.240.77] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.233.240.77/; sid:900768761; rev:1;) alert tcp $HOME_NET any -> [190.117.226.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.226.104/; sid:900768758; rev:1;) alert tcp $HOME_NET any -> [194.154.80.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.154.80.106/; sid:900768752; rev:1;) alert tcp $HOME_NET any -> [201.204.44.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.204.44.101/; sid:900768751; rev:1;) alert tcp $HOME_NET any -> [184.15.10.139] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.15.10.139/; sid:900768750; rev:1;) alert tcp $HOME_NET any -> [70.114.194.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.114.194.228/; sid:900768749; rev:1;) alert tcp $HOME_NET any -> [189.166.103.82] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.103.82/; sid:900768748; rev:1;) alert tcp $HOME_NET any -> [70.177.115.200] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.177.115.200/; sid:900768747; rev:1;) alert tcp $HOME_NET any -> [74.62.89.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.62.89.170/; sid:900768746; rev:1;) alert tcp $HOME_NET any -> [173.94.53.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.94.53.3/; sid:900768745; rev:1;) alert tcp $HOME_NET any -> [181.29.214.233] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.214.233/; sid:900768744; rev:1;) alert tcp $HOME_NET any -> [212.83.51.248] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.83.51.248/; sid:900768743; rev:1;) alert tcp $HOME_NET any -> [64.228.72.40] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.228.72.40/; sid:900768739; rev:1;) alert tcp $HOME_NET any -> [72.84.179.218] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.84.179.218/; sid:900768738; rev:1;) alert tcp $HOME_NET any -> [138.201.140.110] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.201.140.110/; sid:900768736; rev:1;) alert tcp $HOME_NET any -> [70.115.70.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.115.70.154/; sid:900768729; rev:1;) alert tcp $HOME_NET any -> [99.139.140.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.139.140.129/; sid:900768728; rev:1;) alert tcp $HOME_NET any -> [96.20.172.107] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.172.107/; sid:900768726; rev:1;) alert tcp $HOME_NET any -> [68.195.129.139] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.195.129.139/; sid:900768720; rev:1;) alert tcp $HOME_NET any -> [172.98.243.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.98.243.40/; sid:900768719; rev:1;) alert tcp $HOME_NET any -> [24.243.160.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.160.247/; sid:900768718; rev:1;) alert tcp $HOME_NET any -> [66.193.130.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.193.130.13/; sid:900768717; rev:1;) alert tcp $HOME_NET any -> [70.116.68.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.116.68.186/; sid:900768716; rev:1;) alert tcp $HOME_NET any -> [191.92.83.137] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.83.137/; sid:900768715; rev:1;) alert tcp $HOME_NET any -> [71.41.68.158] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.41.68.158/; sid:900768714; rev:1;) alert tcp $HOME_NET any -> [189.150.140.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.150.140.28/; sid:900768713; rev:1;) alert tcp $HOME_NET any -> [107.10.49.252] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.10.49.252/; sid:900768712; rev:1;) alert tcp $HOME_NET any -> [24.151.31.150] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.151.31.150/; sid:900768711; rev:1;) alert tcp $HOME_NET any -> [36.89.85.103] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.85.103/; sid:900622011; rev:1;) alert tcp $HOME_NET any -> [187.145.0.129] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.145.0.129/; sid:900768710; rev:1;) alert tcp $HOME_NET any -> [201.212.113.14] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.113.14/; sid:900768708; rev:1;) alert tcp $HOME_NET any -> [90.63.245.70] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.63.245.70/; sid:900768707; rev:1;) alert tcp $HOME_NET any -> [66.209.69.165] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.209.69.165/; sid:900768705; rev:1;) alert tcp $HOME_NET any -> [80.15.172.81] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.15.172.81/; sid:900768703; rev:1;) alert tcp $HOME_NET any -> [76.94.36.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.94.36.57/; sid:900768701; rev:1;) alert tcp $HOME_NET any -> [189.173.176.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.176.115/; sid:900768700; rev:1;) alert tcp $HOME_NET any -> [189.183.68.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.183.68.180/; sid:900768698; rev:1;) alert tcp $HOME_NET any -> [190.96.172.225] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.172.225/; sid:900768695; rev:1;) alert tcp $HOME_NET any -> [75.110.229.201] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.110.229.201/; sid:900768692; rev:1;) alert tcp $HOME_NET any -> [74.62.52.222] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.62.52.222/; sid:900768690; rev:1;) alert tcp $HOME_NET any -> [186.72.205.234] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.72.205.234/; sid:900768689; rev:1;) alert tcp $HOME_NET any -> [12.6.183.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.6.183.21/; sid:900768688; rev:1;) alert tcp $HOME_NET any -> [74.45.170.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.45.170.110/; sid:900768687; rev:1;) alert tcp $HOME_NET any -> [192.163.199.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.199.254/; sid:900768683; rev:1;) alert tcp $HOME_NET any -> [51.255.50.164] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.50.164/; sid:900768682; rev:1;) alert tcp $HOME_NET any -> [181.167.251.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.251.10/; sid:900768681; rev:1;) alert tcp $HOME_NET any -> [64.40.163.8] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.40.163.8/; sid:900768680; rev:1;) alert tcp $HOME_NET any -> [189.178.109.181] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.178.109.181/; sid:900768679; rev:1;) alert tcp $HOME_NET any -> [99.242.223.226] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.242.223.226/; sid:900768677; rev:1;) alert tcp $HOME_NET any -> [70.64.76.71] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.64.76.71/; sid:900768676; rev:1;) alert tcp $HOME_NET any -> [192.92.6.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.92.6.125/; sid:900768674; rev:1;) alert tcp $HOME_NET any -> [24.123.39.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.123.39.18/; sid:900768671; rev:1;) alert tcp $HOME_NET any -> [24.185.185.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.185.185.187/; sid:900768670; rev:1;) alert tcp $HOME_NET any -> [184.176.38.146] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.176.38.146/; sid:900768669; rev:1;) alert tcp $HOME_NET any -> [24.153.169.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.153.169.62/; sid:900768666; rev:1;) alert tcp $HOME_NET any -> [62.75.187.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.187.192/; sid:900768664; rev:1;) alert tcp $HOME_NET any -> [75.99.7.18] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.99.7.18/; sid:900768662; rev:1;) alert tcp $HOME_NET any -> [133.242.164.31] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.242.164.31/; sid:900768658; rev:1;) alert tcp $HOME_NET any -> [24.243.123.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.123.25/; sid:900768656; rev:1;) alert tcp $HOME_NET any -> [173.255.250.241] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.255.250.241/; sid:900768657; rev:1;) alert tcp $HOME_NET any -> [187.198.33.171] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.33.171/; sid:900768655; rev:1;) alert tcp $HOME_NET any -> [58.252.57.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.252.57.205/; sid:900768654; rev:1;) alert tcp $HOME_NET any -> [187.137.179.93] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.179.93/; sid:900768653; rev:1;) alert tcp $HOME_NET any -> [47.23.77.70] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.23.77.70/; sid:900768652; rev:1;) alert tcp $HOME_NET any -> [137.27.168.194] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.27.168.194/; sid:900768651; rev:1;) alert tcp $HOME_NET any -> [172.248.21.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.248.21.6/; sid:900768650; rev:1;) alert tcp $HOME_NET any -> [173.21.116.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.21.116.239/; sid:900768649; rev:1;) alert tcp $HOME_NET any -> [73.194.61.246] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.194.61.246/; sid:900768648; rev:1;) alert tcp $HOME_NET any -> [73.186.92.178] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.186.92.178/; sid:900768647; rev:1;) alert tcp $HOME_NET any -> [190.154.203.218] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.203.218/; sid:900622007; rev:1;) alert tcp $HOME_NET any -> [186.183.199.114] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.183.199.114/; sid:900622023; rev:1;) alert tcp $HOME_NET any -> [186.42.226.46] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.226.46/; sid:900622014; rev:1;) alert tcp $HOME_NET any -> [69.34.13.8] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.34.13.8/; sid:900766417; rev:1;) alert tcp $HOME_NET any -> [50.192.66.204] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.192.66.204/; sid:900766416; rev:1;) alert tcp $HOME_NET any -> [71.42.6.29] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.42.6.29/; sid:900766415; rev:1;) alert tcp $HOME_NET any -> [47.182.88.196] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.182.88.196/; sid:900766414; rev:1;) alert tcp $HOME_NET any -> [70.110.29.159] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.110.29.159/; sid:900766413; rev:1;) alert tcp $HOME_NET any -> [174.80.166.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.80.166.76/; sid:900766412; rev:1;) alert tcp $HOME_NET any -> [184.21.176.126] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.21.176.126/; sid:900766411; rev:1;) alert tcp $HOME_NET any -> [173.73.83.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.73.83.146/; sid:900766410; rev:1;) alert tcp $HOME_NET any -> [190.75.114.47] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.75.114.47/; sid:900765939; rev:1;) alert tcp $HOME_NET any -> [201.192.163.160] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.163.160/; sid:900765938; rev:1;) alert tcp $HOME_NET any -> [181.120.220.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.120.220.100/; sid:900765937; rev:1;) alert tcp $HOME_NET any -> [190.181.58.202] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.181.58.202/; sid:900765935; rev:1;) alert tcp $HOME_NET any -> [80.209.136.169] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.209.136.169/; sid:900765934; rev:1;) alert tcp $HOME_NET any -> [186.4.127.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.127.72/; sid:900765933; rev:1;) alert tcp $HOME_NET any -> [187.147.145.48] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.145.48/; sid:900765932; rev:1;) alert tcp $HOME_NET any -> [189.237.155.109] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.155.109/; sid:900765928; rev:1;) alert tcp $HOME_NET any -> [190.147.42.32] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.42.32/; sid:900765926; rev:1;) alert tcp $HOME_NET any -> [187.153.104.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.104.216/; sid:900765925; rev:1;) alert tcp $HOME_NET any -> [92.27.88.150] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.27.88.150/; sid:900765924; rev:1;) alert tcp $HOME_NET any -> [197.83.195.16] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.195.16/; sid:900765921; rev:1;) alert tcp $HOME_NET any -> [5.102.165.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.102.165.159/; sid:900765920; rev:1;) alert tcp $HOME_NET any -> [181.143.18.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.18.91/; sid:900765919; rev:1;) alert tcp $HOME_NET any -> [201.252.219.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.252.219.139/; sid:900765918; rev:1;) alert tcp $HOME_NET any -> [190.201.26.83] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.26.83/; sid:900765916; rev:1;) alert tcp $HOME_NET any -> [187.176.75.99] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.75.99/; sid:900765915; rev:1;) alert tcp $HOME_NET any -> [189.186.65.188] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.186.65.188/; sid:900765912; rev:1;) alert tcp $HOME_NET any -> [201.152.106.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.152.106.10/; sid:900765911; rev:1;) alert tcp $HOME_NET any -> [181.171.12.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.12.139/; sid:900765909; rev:1;) alert tcp $HOME_NET any -> [200.114.155.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.155.143/; sid:900765910; rev:1;) alert tcp $HOME_NET any -> [201.212.149.191] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.149.191/; sid:900765908; rev:1;) alert tcp $HOME_NET any -> [190.85.71.218] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.71.218/; sid:900765907; rev:1;) alert tcp $HOME_NET any -> [190.96.217.129] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.217.129/; sid:900765905; rev:1;) alert tcp $HOME_NET any -> [157.100.238.225] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.100.238.225/; sid:900765904; rev:1;) alert tcp $HOME_NET any -> [201.235.149.157] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.235.149.157/; sid:900765903; rev:1;) alert tcp $HOME_NET any -> [200.236.100.14] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.236.100.14/; sid:900765902; rev:1;) alert tcp $HOME_NET any -> [186.138.14.44] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.138.14.44/; sid:900765899; rev:1;) alert tcp $HOME_NET any -> [78.32.147.100] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.32.147.100/; sid:900765901; rev:1;) alert tcp $HOME_NET any -> [189.252.169.43] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.169.43/; sid:900765898; rev:1;) alert tcp $HOME_NET any -> [186.146.235.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.235.8/; sid:900765897; rev:1;) alert tcp $HOME_NET any -> [187.162.172.254] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.172.254/; sid:900765896; rev:1;) alert tcp $HOME_NET any -> [181.45.185.68] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.45.185.68/; sid:900765895; rev:1;) alert tcp $HOME_NET any -> [189.137.139.190] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.137.139.190/; sid:900765891; rev:1;) alert tcp $HOME_NET any -> [200.77.120.234] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.77.120.234/; sid:900765890; rev:1;) alert tcp $HOME_NET any -> [200.127.229.182] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.229.182/; sid:900765889; rev:1;) alert tcp $HOME_NET any -> [187.207.114.26] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.114.26/; sid:900765888; rev:1;) alert tcp $HOME_NET any -> [201.153.98.202] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.153.98.202/; sid:900765886; rev:1;) alert tcp $HOME_NET any -> [86.4.88.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.4.88.6/; sid:900765887; rev:1;) alert tcp $HOME_NET any -> [201.103.128.207] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.128.207/; sid:900765885; rev:1;) alert tcp $HOME_NET any -> [201.175.70.250] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.175.70.250/; sid:900765884; rev:1;) alert tcp $HOME_NET any -> [187.207.97.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.97.27/; sid:900765883; rev:1;) alert tcp $HOME_NET any -> [181.143.99.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.99.26/; sid:900765882; rev:1;) alert tcp $HOME_NET any -> [66.130.129.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.130.129.10/; sid:900765591; rev:1;) alert tcp $HOME_NET any -> [2.50.144.32] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.144.32/; sid:900765589; rev:1;) alert tcp $HOME_NET any -> [189.237.108.33] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.237.108.33/; sid:900765585; rev:1;) alert tcp $HOME_NET any -> [94.76.200.114] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.76.200.114/; sid:900765579; rev:1;) alert tcp $HOME_NET any -> [212.25.55.70] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.25.55.70/; sid:900765578; rev:1;) alert tcp $HOME_NET any -> [179.159.20.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.159.20.70/; sid:900765575; rev:1;) alert tcp $HOME_NET any -> [114.143.192.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.143.192.242/; sid:900765574; rev:1;) alert tcp $HOME_NET any -> [197.44.171.13] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.44.171.13/; sid:900765573; rev:1;) alert tcp $HOME_NET any -> [152.170.155.182] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.155.182/; sid:900765572; rev:1;) alert tcp $HOME_NET any -> [190.213.249.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.213.249.250/; sid:900765569; rev:1;) alert tcp $HOME_NET any -> [2.50.57.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.57.180/; sid:900765570; rev:1;) alert tcp $HOME_NET any -> [83.110.100.150] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.100.150/; sid:900765568; rev:1;) alert tcp $HOME_NET any -> [181.119.30.26] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.26/; sid:900765567; rev:1;) alert tcp $HOME_NET any -> [2.50.148.99] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.148.99/; sid:900765565; rev:1;) alert tcp $HOME_NET any -> [152.231.88.114] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.88.114/; sid:900765564; rev:1;) alert tcp $HOME_NET any -> [105.247.123.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.123.133/; sid:900765562; rev:1;) alert tcp $HOME_NET any -> [187.144.192.126] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.192.126/; sid:900765558; rev:1;) alert tcp $HOME_NET any -> [91.74.62.86] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.74.62.86/; sid:900765557; rev:1;) alert tcp $HOME_NET any -> [67.223.128.207] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.223.128.207/; sid:900765552; rev:1;) alert tcp $HOME_NET any -> [189.141.224.222] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.224.222/; sid:900765551; rev:1;) alert tcp $HOME_NET any -> [2.50.28.190] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.28.190/; sid:900765550; rev:1;) alert tcp $HOME_NET any -> [111.93.37.6] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.93.37.6/; sid:900765547; rev:1;) alert tcp $HOME_NET any -> [187.152.81.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.152.81.36/; sid:900765546; rev:1;) alert tcp $HOME_NET any -> [189.232.16.132] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.232.16.132/; sid:900765545; rev:1;) alert tcp $HOME_NET any -> [153.121.36.202] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.121.36.202/; sid:900765543; rev:1;) alert tcp $HOME_NET any -> [148.101.130.84] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.101.130.84/; sid:900765542; rev:1;) alert tcp $HOME_NET any -> [181.129.16.82] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.16.82/; sid:900765541; rev:1;) alert tcp $HOME_NET any -> [189.234.6.229] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.234.6.229/; sid:900765540; rev:1;) alert tcp $HOME_NET any -> [201.137.4.91] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.4.91/; sid:900765538; rev:1;) alert tcp $HOME_NET any -> [85.105.145.205] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.145.205/; sid:900765539; rev:1;) alert tcp $HOME_NET any -> [189.190.83.34] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.83.34/; sid:900765537; rev:1;) alert tcp $HOME_NET any -> [187.240.45.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.240.45.54/; sid:900765536; rev:1;) alert tcp $HOME_NET any -> [201.183.239.117] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.239.117/; sid:900765535; rev:1;) alert tcp $HOME_NET any -> [187.207.136.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.136.122/; sid:900765534; rev:1;) alert tcp $HOME_NET any -> [191.98.77.181] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.98.77.181/; sid:900765533; rev:1;) alert tcp $HOME_NET any -> [190.186.39.82] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.39.82/; sid:900621972; rev:1;) alert tcp $HOME_NET any -> [96.36.253.146] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.36.253.146/; sid:900621968; rev:1;) alert tcp $HOME_NET any -> [192.3.179.203] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.179.203/; sid:900621885; rev:1;) alert tcp $HOME_NET any -> [189.131.147.21] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.147.21/; sid:900763840; rev:1;) alert tcp $HOME_NET any -> [181.129.44.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.44.226/; sid:900763829; rev:1;) alert tcp $HOME_NET any -> [201.103.250.229] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.250.229/; sid:900763825; rev:1;) alert tcp $HOME_NET any -> [187.207.31.55] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.31.55/; sid:900763822; rev:1;) alert tcp $HOME_NET any -> [187.202.255.212] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.202.255.212/; sid:900763809; rev:1;) alert tcp $HOME_NET any -> [187.135.41.161] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.41.161/; sid:900763799; rev:1;) alert tcp $HOME_NET any -> [190.84.42.113] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.84.42.113/; sid:900763798; rev:1;) alert tcp $HOME_NET any -> [201.153.129.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.153.129.173/; sid:900763797; rev:1;) alert tcp $HOME_NET any -> [185.53.134.131] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.53.134.131/; sid:900763796; rev:1;) alert tcp $HOME_NET any -> [2.50.178.247] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.178.247/; sid:900763795; rev:1;) alert tcp $HOME_NET any -> [37.98.114.178] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.98.114.178/; sid:900763794; rev:1;) alert tcp $HOME_NET any -> [189.228.229.106] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.229.106/; sid:900763793; rev:1;) alert tcp $HOME_NET any -> [187.132.35.20] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.132.35.20/; sid:900763792; rev:1;) alert tcp $HOME_NET any -> [200.239.37.237] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.239.37.237/; sid:900763791; rev:1;) alert tcp $HOME_NET any -> [189.170.20.198] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.170.20.198/; sid:900763790; rev:1;) alert tcp $HOME_NET any -> [181.49.96.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.96.250/; sid:900763734; rev:1;) alert tcp $HOME_NET any -> [190.25.54.18] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.25.54.18/; sid:900763733; rev:1;) alert tcp $HOME_NET any -> [148.240.70.74] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.70.74/; sid:900763732; rev:1;) alert tcp $HOME_NET any -> [138.122.96.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.96.100/; sid:900763730; rev:1;) alert tcp $HOME_NET any -> [189.205.123.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.123.101/; sid:900763729; rev:1;) alert tcp $HOME_NET any -> [181.49.236.174] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.236.174/; sid:900763728; rev:1;) alert tcp $HOME_NET any -> [190.160.8.4] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.160.8.4/; sid:900763725; rev:1;) alert tcp $HOME_NET any -> [181.175.23.114] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.23.114/; sid:900763721; rev:1;) alert tcp $HOME_NET any -> [167.0.166.227] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.0.166.227/; sid:900763720; rev:1;) alert tcp $HOME_NET any -> [190.26.98.130] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.26.98.130/; sid:900763718; rev:1;) alert tcp $HOME_NET any -> [138.59.18.169] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.59.18.169/; sid:900763716; rev:1;) alert tcp $HOME_NET any -> [184.68.59.166] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.68.59.166/; sid:900763715; rev:1;) alert tcp $HOME_NET any -> [200.111.255.89] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.111.255.89/; sid:900763714; rev:1;) alert tcp $HOME_NET any -> [200.105.211.46] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.105.211.46/; sid:900763713; rev:1;) alert tcp $HOME_NET any -> [190.154.42.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.154.42.107/; sid:900763711; rev:1;) alert tcp $HOME_NET any -> [45.45.77.43] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.45.77.43/; sid:900763709; rev:1;) alert tcp $HOME_NET any -> [200.117.244.36] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.117.244.36/; sid:900763706; rev:1;) alert tcp $HOME_NET any -> [69.70.238.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.70.238.170/; sid:900763702; rev:1;) alert tcp $HOME_NET any -> [186.70.105.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.70.105.27/; sid:900763701; rev:1;) alert tcp $HOME_NET any -> [24.146.61.59] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.146.61.59/; sid:900763700; rev:1;) alert tcp $HOME_NET any -> [190.158.241.119] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.241.119/; sid:900763698; rev:1;) alert tcp $HOME_NET any -> [190.128.27.233] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.27.233/; sid:900763697; rev:1;) alert tcp $HOME_NET any -> [69.70.236.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.70.236.34/; sid:900763696; rev:1;) alert tcp $HOME_NET any -> [96.21.235.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.21.235.163/; sid:900763695; rev:1;) alert tcp $HOME_NET any -> [142.46.245.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.46.245.2/; sid:900763694; rev:1;) alert tcp $HOME_NET any -> [189.223.4.181] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.4.181/; sid:900763691; rev:1;) alert tcp $HOME_NET any -> [186.71.23.165] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.23.165/; sid:900763690; rev:1;) alert tcp $HOME_NET any -> [201.146.215.137] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.146.215.137/; sid:900763689; rev:1;) alert tcp $HOME_NET any -> [24.66.53.180] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.66.53.180/; sid:900763687; rev:1;) alert tcp $HOME_NET any -> [148.240.65.44] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.65.44/; sid:900763686; rev:1;) alert tcp $HOME_NET any -> [187.155.130.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.130.72/; sid:900763685; rev:1;) alert tcp $HOME_NET any -> [190.183.58.190] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.58.190/; sid:900763684; rev:1;) alert tcp $HOME_NET any -> [81.82.203.76] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.82.203.76/; sid:900763683; rev:1;) alert tcp $HOME_NET any -> [201.194.127.211] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.194.127.211/; sid:900763682; rev:1;) alert tcp $HOME_NET any -> [186.75.241.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.75.241.230/; sid:900761674; rev:1;) alert tcp $HOME_NET any -> [186.19.202.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.202.88/; sid:900761664; rev:1;) alert tcp $HOME_NET any -> [179.8.99.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.8.99.239/; sid:900761657; rev:1;) alert tcp $HOME_NET any -> [119.235.90.232] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.235.90.232/; sid:900761654; rev:1;) alert tcp $HOME_NET any -> [152.231.224.62] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.224.62/; sid:900761644; rev:1;) alert tcp $HOME_NET any -> [85.99.247.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.247.228/; sid:900761636; rev:1;) alert tcp $HOME_NET any -> [201.130.123.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.123.206/; sid:900761620; rev:1;) alert tcp $HOME_NET any -> [189.149.181.61] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.181.61/; sid:900761619; rev:1;) alert tcp $HOME_NET any -> [187.233.137.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.137.90/; sid:900761618; rev:1;) alert tcp $HOME_NET any -> [194.5.250.115] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.115/; sid:900622071; rev:1;) alert tcp $HOME_NET any -> [190.57.232.244] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.57.232.244/; sid:900760781; rev:1;) alert tcp $HOME_NET any -> [201.180.46.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.180.46.22/; sid:900760779; rev:1;) alert tcp $HOME_NET any -> [186.114.207.82] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.114.207.82/; sid:900760777; rev:1;) alert tcp $HOME_NET any -> [181.129.30.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.30.82/; sid:900760775; rev:1;) alert tcp $HOME_NET any -> [181.225.14.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.225.14.209/; sid:900760771; rev:1;) alert tcp $HOME_NET any -> [186.120.159.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.120.159.140/; sid:900760770; rev:1;) alert tcp $HOME_NET any -> [51.148.59.233] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.148.59.233/; sid:900760768; rev:1;) alert tcp $HOME_NET any -> [201.190.204.249] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.190.204.249/; sid:900760766; rev:1;) alert tcp $HOME_NET any -> [186.137.145.245] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.145.245/; sid:900760765; rev:1;) alert tcp $HOME_NET any -> [175.205.73.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.205.73.49/; sid:900760764; rev:1;) alert tcp $HOME_NET any -> [148.103.82.211] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.82.211/; sid:900760763; rev:1;) alert tcp $HOME_NET any -> [24.48.215.63] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.48.215.63/; sid:900760762; rev:1;) alert tcp $HOME_NET any -> [190.72.239.156] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.239.156/; sid:900760761; rev:1;) alert tcp $HOME_NET any -> [89.211.147.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.147.250/; sid:900760760; rev:1;) alert tcp $HOME_NET any -> [109.121.205.213] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.121.205.213/; sid:900760759; rev:1;) alert tcp $HOME_NET any -> [190.97.63.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.63.104/; sid:900760757; rev:1;) alert tcp $HOME_NET any -> [190.247.62.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.247.62.93/; sid:900760756; rev:1;) alert tcp $HOME_NET any -> [207.167.7.141] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.167.7.141/; sid:900760754; rev:1;) alert tcp $HOME_NET any -> [190.98.58.170] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.98.58.170/; sid:900760753; rev:1;) alert tcp $HOME_NET any -> [86.56.233.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.56.233.166/; sid:900760750; rev:1;) alert tcp $HOME_NET any -> [181.189.212.120] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.212.120/; sid:900760749; rev:1;) alert tcp $HOME_NET any -> [186.108.174.175] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.108.174.175/; sid:900760744; rev:1;) alert tcp $HOME_NET any -> [186.113.19.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.19.170/; sid:900760743; rev:1;) alert tcp $HOME_NET any -> [191.92.81.199] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.81.199/; sid:900760742; rev:1;) alert tcp $HOME_NET any -> [184.149.7.49] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.149.7.49/; sid:900760741; rev:1;) alert tcp $HOME_NET any -> [190.183.58.155] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.183.58.155/; sid:900760740; rev:1;) alert tcp $HOME_NET any -> [186.118.161.100] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.118.161.100/; sid:900760738; rev:1;) alert tcp $HOME_NET any -> [190.24.243.186] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.24.243.186/; sid:900760736; rev:1;) alert tcp $HOME_NET any -> [201.212.241.162] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.241.162/; sid:900760735; rev:1;) alert tcp $HOME_NET any -> [186.94.231.146] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.94.231.146/; sid:900760733; rev:1;) alert tcp $HOME_NET any -> [181.58.47.34] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.58.47.34/; sid:900760732; rev:1;) alert tcp $HOME_NET any -> [148.103.7.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.103.7.35/; sid:900760730; rev:1;) alert tcp $HOME_NET any -> [137.74.173.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.173.19/; sid:900760728; rev:1;) alert tcp $HOME_NET any -> [41.32.82.216] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.32.82.216/; sid:900760727; rev:1;) alert tcp $HOME_NET any -> [41.202.77.180] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.202.77.180/; sid:900760726; rev:1;) alert tcp $HOME_NET any -> [217.86.203.2] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.86.203.2/; sid:900760725; rev:1;) alert tcp $HOME_NET any -> [86.42.254.71] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.254.71/; sid:900760724; rev:1;) alert tcp $HOME_NET any -> [193.239.235.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.235.209/; sid:900760723; rev:1;) alert tcp $HOME_NET any -> [189.253.39.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.39.50/; sid:900760721; rev:1;) alert tcp $HOME_NET any -> [128.234.43.30] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.234.43.30/; sid:900760720; rev:1;) alert tcp $HOME_NET any -> [206.248.110.184] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.248.110.184/; sid:900760719; rev:1;) alert tcp $HOME_NET any -> [182.180.170.72] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.170.72/; sid:900760718; rev:1;) alert tcp $HOME_NET any -> [187.163.60.63] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.60.63/; sid:900760660; rev:1;) alert tcp $HOME_NET any -> [170.83.53.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.83.53.71/; sid:900760659; rev:1;) alert tcp $HOME_NET any -> [182.72.25.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.72.25.180/; sid:900760658; rev:1;) alert tcp $HOME_NET any -> [78.189.109.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.109.123/; sid:900760656; rev:1;) alert tcp $HOME_NET any -> [190.104.191.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.191.159/; sid:900760655; rev:1;) alert tcp $HOME_NET any -> [191.99.120.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.99.120.221/; sid:900760654; rev:1;) alert tcp $HOME_NET any -> [187.188.41.242] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.41.242/; sid:900760651; rev:1;) alert tcp $HOME_NET any -> [99.234.216.14] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.234.216.14/; sid:900760650; rev:1;) alert tcp $HOME_NET any -> [186.136.185.11] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.185.11/; sid:900760647; rev:1;) alert tcp $HOME_NET any -> [190.44.204.143] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.44.204.143/; sid:900760646; rev:1;) alert tcp $HOME_NET any -> [77.44.120.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.120.62/; sid:900760644; rev:1;) alert tcp $HOME_NET any -> [186.68.199.71] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.199.71/; sid:900760643; rev:1;) alert tcp $HOME_NET any -> [187.228.133.187] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.228.133.187/; sid:900760642; rev:1;) alert tcp $HOME_NET any -> [54.37.5.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.5.200/; sid:900760640; rev:1;) alert tcp $HOME_NET any -> [94.73.197.123] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.73.197.123/; sid:900760639; rev:1;) alert tcp $HOME_NET any -> [200.43.231.60] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.43.231.60/; sid:900760638; rev:1;) alert tcp $HOME_NET any -> [189.252.30.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.30.160/; sid:900760634; rev:1;) alert tcp $HOME_NET any -> [190.57.130.142] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.57.130.142/; sid:900760633; rev:1;) alert tcp $HOME_NET any -> [187.206.202.129] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.206.202.129/; sid:900760630; rev:1;) alert tcp $HOME_NET any -> [51.77.111.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.111.116/; sid:900760629; rev:1;) alert tcp $HOME_NET any -> [200.58.78.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.78.78/; sid:900760628; rev:1;) alert tcp $HOME_NET any -> [88.253.236.157] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.253.236.157/; sid:900760626; rev:1;) alert tcp $HOME_NET any -> [190.179.117.181] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.179.117.181/; sid:900760624; rev:1;) alert tcp $HOME_NET any -> [181.114.107.154] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.114.107.154/; sid:900760622; rev:1;) alert tcp $HOME_NET any -> [181.59.253.20] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.59.253.20/; sid:900760621; rev:1;) alert tcp $HOME_NET any -> [189.228.123.79] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.123.79/; sid:900760620; rev:1;) alert tcp $HOME_NET any -> [109.170.141.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.170.141.120/; sid:900760619; rev:1;) alert tcp $HOME_NET any -> [179.62.18.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.18.56/; sid:900760618; rev:1;) alert tcp $HOME_NET any -> [158.174.130.145] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.174.130.145/; sid:900760617; rev:1;) alert tcp $HOME_NET any -> [198.46.157.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.157.252/; sid:900760614; rev:1;) alert tcp $HOME_NET any -> [96.20.46.60] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.46.60/; sid:900760613; rev:1;) alert tcp $HOME_NET any -> [181.13.229.35] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.13.229.35/; sid:900760612; rev:1;) alert tcp $HOME_NET any -> [186.19.62.24] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.62.24/; sid:900760611; rev:1;) alert tcp $HOME_NET any -> [189.250.153.215] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.153.215/; sid:900760610; rev:1;) alert tcp $HOME_NET any -> [200.68.61.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.61.242/; sid:900760609; rev:1;) alert tcp $HOME_NET any -> [186.176.25.133] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.25.133/; sid:900760608; rev:1;) alert tcp $HOME_NET any -> [75.159.115.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.159.115.228/; sid:900760607; rev:1;) alert tcp $HOME_NET any -> [190.216.238.62] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.216.238.62/; sid:900760606; rev:1;) alert tcp $HOME_NET any -> [200.125.113.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.113.60/; sid:900760605; rev:1;) alert tcp $HOME_NET any -> [105.210.6.67] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.210.6.67/; sid:900760604; rev:1;) alert tcp $HOME_NET any -> [74.58.188.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.58.188.22/; sid:900759365; rev:1;) alert tcp $HOME_NET any -> [182.184.108.234] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.184.108.234/; sid:900759364; rev:1;) alert tcp $HOME_NET any -> [106.51.0.205] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.0.205/; sid:900759361; rev:1;) alert tcp $HOME_NET any -> [5.239.240.88] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.239.240.88/; sid:900759360; rev:1;) alert tcp $HOME_NET any -> [101.229.131.245] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.229.131.245/; sid:900759359; rev:1;) alert tcp $HOME_NET any -> [27.0.180.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.0.180.40/; sid:900759356; rev:1;) alert tcp $HOME_NET any -> [114.79.134.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.134.49/; sid:900759355; rev:1;) alert tcp $HOME_NET any -> [50.99.132.7] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.99.132.7/; sid:900759351; rev:1;) alert tcp $HOME_NET any -> [176.74.89.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.74.89.66/; sid:900759350; rev:1;) alert tcp $HOME_NET any -> [85.99.124.9] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.124.9/; sid:900759349; rev:1;) alert tcp $HOME_NET any -> [203.213.236.70] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.213.236.70/; sid:900759348; rev:1;) alert tcp $HOME_NET any -> [111.235.148.46] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.235.148.46/; sid:900759346; rev:1;) alert tcp $HOME_NET any -> [83.110.212.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.212.100/; sid:900759345; rev:1;) alert tcp $HOME_NET any -> [175.101.89.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.101.89.66/; sid:900759344; rev:1;) alert tcp $HOME_NET any -> [179.13.73.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.13.73.220/; sid:900759340; rev:1;) alert tcp $HOME_NET any -> [175.32.123.78] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.32.123.78/; sid:900759338; rev:1;) alert tcp $HOME_NET any -> [83.110.108.213] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.108.213/; sid:900759336; rev:1;) alert tcp $HOME_NET any -> [5.128.151.213] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.128.151.213/; sid:900759335; rev:1;) alert tcp $HOME_NET any -> [187.199.129.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.129.111/; sid:900759334; rev:1;) alert tcp $HOME_NET any -> [105.174.6.174] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.174.6.174/; sid:900759333; rev:1;) alert tcp $HOME_NET any -> [113.193.254.82] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.193.254.82/; sid:900759330; rev:1;) alert tcp $HOME_NET any -> [14.192.144.194] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.192.144.194/; sid:900759328; rev:1;) alert tcp $HOME_NET any -> [211.138.24.144] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.138.24.144/; sid:900759326; rev:1;) alert tcp $HOME_NET any -> [197.83.236.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.83.236.18/; sid:900759325; rev:1;) alert tcp $HOME_NET any -> [190.147.44.151] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.44.151/; sid:900759323; rev:1;) alert tcp $HOME_NET any -> [58.239.33.5] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.239.33.5/; sid:900759321; rev:1;) alert tcp $HOME_NET any -> [185.129.92.210] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.129.92.210/; sid:900759320; rev:1;) alert tcp $HOME_NET any -> [50.31.0.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.31.0.160/; sid:900759318; rev:1;) alert tcp $HOME_NET any -> [189.252.174.81] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.174.81/; sid:900759317; rev:1;) alert tcp $HOME_NET any -> [180.232.133.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.232.133.50/; sid:900759316; rev:1;) alert tcp $HOME_NET any -> [103.108.204.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.108.204.93/; sid:900759315; rev:1;) alert tcp $HOME_NET any -> [70.81.33.80] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.81.33.80/; sid:900759314; rev:1;) alert tcp $HOME_NET any -> [179.53.156.88] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.53.156.88/; sid:900759313; rev:1;) alert tcp $HOME_NET any -> [187.192.58.207] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.58.207/; sid:900759312; rev:1;) alert tcp $HOME_NET any -> [93.107.126.157] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.107.126.157/; sid:900759311; rev:1;) alert tcp $HOME_NET any -> [41.216.165.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.216.165.122/; sid:900759310; rev:1;) alert tcp $HOME_NET any -> [100.42.20.148] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.42.20.148/; sid:900759309; rev:1;) alert tcp $HOME_NET any -> [182.176.106.43] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.106.43/; sid:900759308; rev:1;) alert tcp $HOME_NET any -> [101.0.108.0] 25600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.0.108.0/; sid:900759092; rev:1;) alert tcp $HOME_NET any -> [116.0.115.0] 24832 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.115.0/; sid:900759091; rev:1;) alert tcp $HOME_NET any -> [32.0.110.0] 26880 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.0.110.0/; sid:900759090; rev:1;) alert tcp $HOME_NET any -> [98.0.32.0] 25856 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.0.32.0/; sid:900759089; rev:1;) alert tcp $HOME_NET any -> [97.0.101.0] 25600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.0.101.0/; sid:900759088; rev:1;) alert tcp $HOME_NET any -> [97.0.32.0] 27648 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.0.32.0/; sid:900759087; rev:1;) alert tcp $HOME_NET any -> [104.0.32.0] 24832 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.0.32.0/; sid:900759086; rev:1;) alert tcp $HOME_NET any -> [116.0.105.0] 28416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.0.105.0/; sid:900759085; rev:1;) alert tcp $HOME_NET any -> [109.0.32.0] 28416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.0.32.0/; sid:900759084; rev:1;) alert tcp $HOME_NET any -> [105.0.114.0] 28160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.0.114.0/; sid:900759083; rev:1;) alert tcp $HOME_NET any -> [100.0.101.0] 8192 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.0.101.0/; sid:900759082; rev:1;) alert tcp $HOME_NET any -> [12.36.68.139] 19595 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.36.68.139/; sid:900757216; rev:1;) alert tcp $HOME_NET any -> [181.129.93.226] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.93.226/; sid:900622027; rev:1;) alert tcp $HOME_NET any -> [181.171.28.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.28.140/; sid:900756111; rev:1;) alert tcp $HOME_NET any -> [86.122.149.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.122.149.86/; sid:900756110; rev:1;) alert tcp $HOME_NET any -> [200.24.248.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.24.248.194/; sid:900756108; rev:1;) alert tcp $HOME_NET any -> [78.186.26.189] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.26.189/; sid:900756107; rev:1;) alert tcp $HOME_NET any -> [200.50.177.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.177.218/; sid:900756105; rev:1;) alert tcp $HOME_NET any -> [94.63.172.7] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.63.172.7/; sid:900756104; rev:1;) alert tcp $HOME_NET any -> [217.145.83.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.145.83.44/; sid:900756098; rev:1;) alert tcp $HOME_NET any -> [105.225.161.70] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.161.70/; sid:900756096; rev:1;) alert tcp $HOME_NET any -> [87.201.127.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.201.127.70/; sid:900756093; rev:1;) alert tcp $HOME_NET any -> [187.247.125.144] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.247.125.144/; sid:900756091; rev:1;) alert tcp $HOME_NET any -> [86.98.71.253] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.71.253/; sid:900756090; rev:1;) alert tcp $HOME_NET any -> [45.224.52.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.224.52.174/; sid:900756088; rev:1;) alert tcp $HOME_NET any -> [197.88.29.182] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.88.29.182/; sid:900756087; rev:1;) alert tcp $HOME_NET any -> [59.23.248.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.23.248.48/; sid:900756086; rev:1;) alert tcp $HOME_NET any -> [105.226.195.36] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.195.36/; sid:900756081; rev:1;) alert tcp $HOME_NET any -> [105.184.219.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.219.102/; sid:900756080; rev:1;) alert tcp $HOME_NET any -> [83.103.164.123] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.103.164.123/; sid:900756079; rev:1;) alert tcp $HOME_NET any -> [117.197.124.51] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.197.124.51/; sid:900756076; rev:1;) alert tcp $HOME_NET any -> [85.54.169.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.54.169.141/; sid:900756075; rev:1;) alert tcp $HOME_NET any -> [220.123.35.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.123.35.12/; sid:900756073; rev:1;) alert tcp $HOME_NET any -> [194.183.83.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.183.83.82/; sid:900756072; rev:1;) alert tcp $HOME_NET any -> [189.213.205.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.205.70/; sid:900756071; rev:1;) alert tcp $HOME_NET any -> [175.195.100.9] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.195.100.9/; sid:900756070; rev:1;) alert tcp $HOME_NET any -> [194.85.67.180] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.85.67.180/; sid:900756068; rev:1;) alert tcp $HOME_NET any -> [173.252.33.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.252.33.186/; sid:900756067; rev:1;) alert tcp $HOME_NET any -> [208.78.100.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.78.100.202/; sid:900756066; rev:1;) alert tcp $HOME_NET any -> [45.63.17.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.63.17.206/; sid:900756065; rev:1;) alert tcp $HOME_NET any -> [186.46.255.217] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.255.217/; sid:900756064; rev:1;) alert tcp $HOME_NET any -> [24.51.106.145] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.51.106.145/; sid:900756063; rev:1;) alert tcp $HOME_NET any -> [196.210.47.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.210.47.216/; sid:900756062; rev:1;) alert tcp $HOME_NET any -> [96.22.189.104] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.22.189.104/; sid:900756061; rev:1;) alert tcp $HOME_NET any -> [118.175.93.254] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.175.93.254/; sid:900756060; rev:1;) alert tcp $HOME_NET any -> [187.144.78.190] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.78.190/; sid:900756059; rev:1;) alert tcp $HOME_NET any -> [59.102.162.246] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.102.162.246/; sid:900756058; rev:1;) alert tcp $HOME_NET any -> [186.67.88.242] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.67.88.242/; sid:900756057; rev:1;) alert tcp $HOME_NET any -> [189.129.160.167] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.160.167/; sid:900756056; rev:1;) alert tcp $HOME_NET any -> [190.138.221.70] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.221.70/; sid:900756055; rev:1;) alert tcp $HOME_NET any -> [212.81.22.231] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.81.22.231/; sid:900756053; rev:1;) alert tcp $HOME_NET any -> [190.245.10.162] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.10.162/; sid:900756049; rev:1;) alert tcp $HOME_NET any -> [200.86.246.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.86.246.50/; sid:900756046; rev:1;) alert tcp $HOME_NET any -> [189.208.126.53] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.126.53/; sid:900756043; rev:1;) alert tcp $HOME_NET any -> [190.195.169.170] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.169.170/; sid:900756035; rev:1;) alert tcp $HOME_NET any -> [190.25.255.98] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.25.255.98/; sid:900756030; rev:1;) alert tcp $HOME_NET any -> [187.137.111.0] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.111.0/; sid:900756024; rev:1;) alert tcp $HOME_NET any -> [189.190.40.163] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.40.163/; sid:900756022; rev:1;) alert tcp $HOME_NET any -> [181.54.202.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.202.80/; sid:900756020; rev:1;) alert tcp $HOME_NET any -> [187.192.133.210] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.133.210/; sid:900756017; rev:1;) alert tcp $HOME_NET any -> [31.193.130.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.193.130.187/; sid:900756016; rev:1;) alert tcp $HOME_NET any -> [185.38.216.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.38.216.84/; sid:900756012; rev:1;) alert tcp $HOME_NET any -> [72.47.248.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.248.48/; sid:900756007; rev:1;) alert tcp $HOME_NET any -> [189.173.4.161] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.4.161/; sid:900756006; rev:1;) alert tcp $HOME_NET any -> [186.129.174.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.129.174.150/; sid:900756005; rev:1;) alert tcp $HOME_NET any -> [189.250.100.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.100.248/; sid:900756004; rev:1;) alert tcp $HOME_NET any -> [186.90.155.228] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.155.228/; sid:900756003; rev:1;) alert tcp $HOME_NET any -> [201.103.81.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.103.81.129/; sid:900756002; rev:1;) alert tcp $HOME_NET any -> [189.159.119.242] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.119.242/; sid:900756001; rev:1;) alert tcp $HOME_NET any -> [200.43.114.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.43.114.10/; sid:900756000; rev:1;) alert tcp $HOME_NET any -> [178.201.186.245] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.201.186.245/; sid:900755999; rev:1;) alert tcp $HOME_NET any -> [190.55.123.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.123.250/; sid:900755998; rev:1;) alert tcp $HOME_NET any -> [190.146.158.142] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.158.142/; sid:900755997; rev:1;) alert tcp $HOME_NET any -> [116.112.111.32] 28521 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.112.111.32/; sid:900755705; rev:1;) alert tcp $HOME_NET any -> [46.121.114.97] 21514 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.121.114.97/; sid:900755704; rev:1;) alert tcp $HOME_NET any -> [99.105.100.32] 26996 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.105.100.32/; sid:900755703; rev:1;) alert tcp $HOME_NET any -> [97.32.116.99] 25710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.116.99/; sid:900755702; rev:1;) alert tcp $HOME_NET any -> [32.101.100.111] 25199 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.101.100.111/; sid:900755701; rev:1;) alert tcp $HOME_NET any -> [122.176.109.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.176.109.10/; sid:900752888; rev:1;) alert tcp $HOME_NET any -> [117.247.233.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.247.233.82/; sid:900752887; rev:1;) alert tcp $HOME_NET any -> [183.82.112.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.112.154/; sid:900752882; rev:1;) alert tcp $HOME_NET any -> [217.165.2.29] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.2.29/; sid:900752880; rev:1;) alert tcp $HOME_NET any -> [186.90.227.239] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.227.239/; sid:900752879; rev:1;) alert tcp $HOME_NET any -> [58.65.178.100] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.65.178.100/; sid:900752878; rev:1;) alert tcp $HOME_NET any -> [27.96.91.73] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.96.91.73/; sid:900752877; rev:1;) alert tcp $HOME_NET any -> [109.129.2.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.129.2.50/; sid:900752876; rev:1;) alert tcp $HOME_NET any -> [2.50.183.165] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.183.165/; sid:900752875; rev:1;) alert tcp $HOME_NET any -> [211.248.17.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.248.17.209/; sid:900752873; rev:1;) alert tcp $HOME_NET any -> [190.228.72.180] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.228.72.180/; sid:900752872; rev:1;) alert tcp $HOME_NET any -> [187.144.76.174] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.76.174/; sid:900752867; rev:1;) alert tcp $HOME_NET any -> [196.209.233.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.209.233.234/; sid:900752866; rev:1;) alert tcp $HOME_NET any -> [190.147.100.8] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.100.8/; sid:900752865; rev:1;) alert tcp $HOME_NET any -> [123.136.174.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.136.174.52/; sid:900752860; rev:1;) alert tcp $HOME_NET any -> [189.149.3.197] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.3.197/; sid:900752859; rev:1;) alert tcp $HOME_NET any -> [115.93.16.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.93.16.173/; sid:900752858; rev:1;) alert tcp $HOME_NET any -> [121.74.198.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.74.198.58/; sid:900752857; rev:1;) alert tcp $HOME_NET any -> [190.109.223.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.223.50/; sid:900752853; rev:1;) alert tcp $HOME_NET any -> [118.69.35.66] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.69.35.66/; sid:900752852; rev:1;) alert tcp $HOME_NET any -> [27.147.163.188] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.147.163.188/; sid:900752851; rev:1;) alert tcp $HOME_NET any -> [147.83.156.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.83.156.162/; sid:900752848; rev:1;) alert tcp $HOME_NET any -> [190.0.1.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.1.30/; sid:900752847; rev:1;) alert tcp $HOME_NET any -> [186.4.165.50] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.165.50/; sid:900752846; rev:1;) alert tcp $HOME_NET any -> [190.94.79.239] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.94.79.239/; sid:900752845; rev:1;) alert tcp $HOME_NET any -> [183.82.120.85] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.120.85/; sid:900752844; rev:1;) alert tcp $HOME_NET any -> [189.194.250.74] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.194.250.74/; sid:900752843; rev:1;) alert tcp $HOME_NET any -> [189.230.124.74] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.230.124.74/; sid:900752842; rev:1;) alert tcp $HOME_NET any -> [181.119.30.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.119.30.25/; sid:900752840; rev:1;) alert tcp $HOME_NET any -> [148.243.206.110] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.243.206.110/; sid:900752839; rev:1;) alert tcp $HOME_NET any -> [218.105.184.93] 36275 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.105.184.93/; sid:900752398; rev:1;) alert tcp $HOME_NET any -> [100.231.103.203] 61235 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.231.103.203/; sid:900752397; rev:1;) alert tcp $HOME_NET any -> [201.248.14.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.14.67/; sid:900752289; rev:1;) alert tcp $HOME_NET any -> [125.130.72.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.130.72.105/; sid:900752270; rev:1;) alert tcp $HOME_NET any -> [181.31.246.152] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.246.152/; sid:900752266; rev:1;) alert tcp $HOME_NET any -> [116.240.3.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.240.3.27/; sid:900752265; rev:1;) alert tcp $HOME_NET any -> [186.150.202.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.202.242/; sid:900752245; rev:1;) alert tcp $HOME_NET any -> [190.190.101.38] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.190.101.38/; sid:900752243; rev:1;) alert tcp $HOME_NET any -> [31.53.229.122] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.53.229.122/; sid:900752229; rev:1;) alert tcp $HOME_NET any -> [181.45.45.132] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.45.45.132/; sid:900752228; rev:1;) alert tcp $HOME_NET any -> [181.211.11.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.11.171/; sid:900752227; rev:1;) alert tcp $HOME_NET any -> [190.226.34.8] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.226.34.8/; sid:900752225; rev:1;) alert tcp $HOME_NET any -> [186.15.66.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.66.98/; sid:900752224; rev:1;) alert tcp $HOME_NET any -> [200.83.21.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.83.21.5/; sid:900752222; rev:1;) alert tcp $HOME_NET any -> [24.53.3.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.53.3.10/; sid:900752221; rev:1;) alert tcp $HOME_NET any -> [69.158.10.125] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.158.10.125/; sid:900752220; rev:1;) alert tcp $HOME_NET any -> [24.222.22.58] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.222.22.58/; sid:900752219; rev:1;) alert tcp $HOME_NET any -> [45.73.27.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.27.218/; sid:900752216; rev:1;) alert tcp $HOME_NET any -> [95.9.248.89] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.248.89/; sid:900752214; rev:1;) alert tcp $HOME_NET any -> [66.50.57.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.50.57.73/; sid:900752210; rev:1;) alert tcp $HOME_NET any -> [189.225.146.180] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.146.180/; sid:900752209; rev:1;) alert tcp $HOME_NET any -> [189.129.134.124] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.134.124/; sid:900752208; rev:1;) alert tcp $HOME_NET any -> [200.54.18.162] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.54.18.162/; sid:900752207; rev:1;) alert tcp $HOME_NET any -> [181.164.8.8] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.8.8/; sid:900752206; rev:1;) alert tcp $HOME_NET any -> [187.163.177.194] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.177.194/; sid:900752205; rev:1;) alert tcp $HOME_NET any -> [216.244.228.62] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.244.228.62/; sid:900752204; rev:1;) alert tcp $HOME_NET any -> [189.146.157.111] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.146.157.111/; sid:900752203; rev:1;) alert tcp $HOME_NET any -> [190.10.220.92] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.220.92/; sid:900752202; rev:1;) alert tcp $HOME_NET any -> [187.158.112.43] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.158.112.43/; sid:900752201; rev:1;) alert tcp $HOME_NET any -> [201.245.184.16] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.245.184.16/; sid:900749547; rev:1;) alert tcp $HOME_NET any -> [80.44.121.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.44.121.62/; sid:900749546; rev:1;) alert tcp $HOME_NET any -> [45.167.12.22] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.167.12.22/; sid:900749542; rev:1;) alert tcp $HOME_NET any -> [105.184.237.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.237.83/; sid:900749535; rev:1;) alert tcp $HOME_NET any -> [78.189.173.217] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.173.217/; sid:900749534; rev:1;) alert tcp $HOME_NET any -> [201.143.82.199] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.143.82.199/; sid:900749529; rev:1;) alert tcp $HOME_NET any -> [182.73.147.218] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.73.147.218/; sid:900749528; rev:1;) alert tcp $HOME_NET any -> [105.184.106.99] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.106.99/; sid:900749525; rev:1;) alert tcp $HOME_NET any -> [151.237.16.5] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.16.5/; sid:900749522; rev:1;) alert tcp $HOME_NET any -> [178.209.71.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.209.71.63/; sid:900749520; rev:1;) alert tcp $HOME_NET any -> [88.249.181.174] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.181.174/; sid:900749519; rev:1;) alert tcp $HOME_NET any -> [27.109.116.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.116.48/; sid:900749515; rev:1;) alert tcp $HOME_NET any -> [187.163.91.104] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.91.104/; sid:900749510; rev:1;) alert tcp $HOME_NET any -> [190.17.173.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.173.58/; sid:900749509; rev:1;) alert tcp $HOME_NET any -> [120.63.148.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.63.148.9/; sid:900749508; rev:1;) alert tcp $HOME_NET any -> [201.111.29.109] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.111.29.109/; sid:900749507; rev:1;) alert tcp $HOME_NET any -> [187.135.141.61] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.141.61/; sid:900749506; rev:1;) alert tcp $HOME_NET any -> [178.92.73.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.92.73.34/; sid:900749505; rev:1;) alert tcp $HOME_NET any -> [187.235.145.190] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.235.145.190/; sid:900749504; rev:1;) alert tcp $HOME_NET any -> [94.59.80.100] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.80.100/; sid:900749503; rev:1;) alert tcp $HOME_NET any -> [201.230.255.100] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.230.255.100/; sid:900749502; rev:1;) alert tcp $HOME_NET any -> [187.207.58.148] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.58.148/; sid:900749501; rev:1;) alert tcp $HOME_NET any -> [201.235.65.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.235.65.61/; sid:900747250; rev:1;) alert tcp $HOME_NET any -> [204.13.253.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.13.253.141/; sid:900747247; rev:1;) alert tcp $HOME_NET any -> [189.155.150.137] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.150.137/; sid:900747245; rev:1;) alert tcp $HOME_NET any -> [200.93.90.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.93.90.133/; sid:900747244; rev:1;) alert tcp $HOME_NET any -> [201.110.118.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.110.118.102/; sid:900747243; rev:1;) alert tcp $HOME_NET any -> [190.52.161.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.52.161.1/; sid:900747242; rev:1;) alert tcp $HOME_NET any -> [181.57.230.186] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.230.186/; sid:900747238; rev:1;) alert tcp $HOME_NET any -> [190.210.223.238] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.223.238/; sid:900747237; rev:1;) alert tcp $HOME_NET any -> [85.99.104.112] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.99.104.112/; sid:900747236; rev:1;) alert tcp $HOME_NET any -> [200.68.111.81] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.111.81/; sid:900747234; rev:1;) alert tcp $HOME_NET any -> [179.41.14.199] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.41.14.199/; sid:900747233; rev:1;) alert tcp $HOME_NET any -> [190.60.225.114] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.60.225.114/; sid:900747232; rev:1;) alert tcp $HOME_NET any -> [190.10.159.242] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.10.159.242/; sid:900747231; rev:1;) alert tcp $HOME_NET any -> [178.62.37.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.62.37.188/; sid:900747229; rev:1;) alert tcp $HOME_NET any -> [180.92.239.110] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.92.239.110/; sid:900747228; rev:1;) alert tcp $HOME_NET any -> [190.120.195.162] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.120.195.162/; sid:900747225; rev:1;) alert tcp $HOME_NET any -> [83.110.19.147] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.19.147/; sid:900747224; rev:1;) alert tcp $HOME_NET any -> [24.232.79.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.79.140/; sid:900747223; rev:1;) alert tcp $HOME_NET any -> [181.143.91.186] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.91.186/; sid:900747220; rev:1;) alert tcp $HOME_NET any -> [187.207.186.161] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.186.161/; sid:900747219; rev:1;) alert tcp $HOME_NET any -> [37.187.159.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.159.59/; sid:900747218; rev:1;) alert tcp $HOME_NET any -> [216.8.148.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.8.148.141/; sid:900747216; rev:1;) alert tcp $HOME_NET any -> [190.17.160.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.160.28/; sid:900747215; rev:1;) alert tcp $HOME_NET any -> [190.167.214.75] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.167.214.75/; sid:900747214; rev:1;) alert tcp $HOME_NET any -> [62.75.191.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.191.231/; sid:900747211; rev:1;) alert tcp $HOME_NET any -> [41.75.132.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.75.132.231/; sid:900747210; rev:1;) alert tcp $HOME_NET any -> [189.244.154.169] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.154.169/; sid:900747209; rev:1;) alert tcp $HOME_NET any -> [86.217.148.38] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.217.148.38/; sid:900747208; rev:1;) alert tcp $HOME_NET any -> [190.103.30.186] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.103.30.186/; sid:900747207; rev:1;) alert tcp $HOME_NET any -> [181.143.194.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.194.138/; sid:900747206; rev:1;) alert tcp $HOME_NET any -> [177.242.215.65] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.215.65/; sid:900747205; rev:1;) alert tcp $HOME_NET any -> [81.130.209.250] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.130.209.250/; sid:900747204; rev:1;) alert tcp $HOME_NET any -> [190.6.24.248] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.24.248/; sid:900747203; rev:1;) alert tcp $HOME_NET any -> [201.130.151.95] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.130.151.95/; sid:900747202; rev:1;) alert tcp $HOME_NET any -> [70.55.70.147] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.70.147/; sid:900747201; rev:1;) alert tcp $HOME_NET any -> [60.54.121.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.54.121.215/; sid:900746589; rev:1;) alert tcp $HOME_NET any -> [210.19.41.87] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.19.41.87/; sid:900746587; rev:1;) alert tcp $HOME_NET any -> [139.13.91.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.91.136/; sid:900746586; rev:1;) alert tcp $HOME_NET any -> [186.16.203.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.16.203.150/; sid:900746584; rev:1;) alert tcp $HOME_NET any -> [86.98.65.187] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.65.187/; sid:900746583; rev:1;) alert tcp $HOME_NET any -> [181.61.253.90] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.253.90/; sid:900746582; rev:1;) alert tcp $HOME_NET any -> [139.13.91.149] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.91.149/; sid:900746581; rev:1;) alert tcp $HOME_NET any -> [200.71.112.158] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.112.158/; sid:900746580; rev:1;) alert tcp $HOME_NET any -> [201.231.70.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.70.72/; sid:900746578; rev:1;) alert tcp $HOME_NET any -> [189.163.44.44] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.44.44/; sid:900746576; rev:1;) alert tcp $HOME_NET any -> [201.200.3.74] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.200.3.74/; sid:900746575; rev:1;) alert tcp $HOME_NET any -> [181.46.46.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.46.46.49/; sid:900746572; rev:1;) alert tcp $HOME_NET any -> [80.12.84.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.12.84.86/; sid:900746571; rev:1;) alert tcp $HOME_NET any -> [181.48.239.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.239.3/; sid:900746570; rev:1;) alert tcp $HOME_NET any -> [200.113.106.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.106.18/; sid:900746568; rev:1;) alert tcp $HOME_NET any -> [81.86.206.166] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.86.206.166/; sid:900746567; rev:1;) alert tcp $HOME_NET any -> [190.210.236.237] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.236.237/; sid:900746566; rev:1;) alert tcp $HOME_NET any -> [183.82.34.65] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.34.65/; sid:900746562; rev:1;) alert tcp $HOME_NET any -> [190.220.19.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.220.19.82/; sid:900746560; rev:1;) alert tcp $HOME_NET any -> [78.187.52.65] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.52.65/; sid:900746559; rev:1;) alert tcp $HOME_NET any -> [216.252.83.23] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.252.83.23/; sid:900746558; rev:1;) alert tcp $HOME_NET any -> [79.127.57.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.127.57.42/; sid:900746557; rev:1;) alert tcp $HOME_NET any -> [169.0.47.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.47.103/; sid:900746556; rev:1;) alert tcp $HOME_NET any -> [79.98.31.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.98.31.206/; sid:900746555; rev:1;) alert tcp $HOME_NET any -> [186.190.192.84] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.190.192.84/; sid:900746554; rev:1;) alert tcp $HOME_NET any -> [69.163.33.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.163.33.82/; sid:900746552; rev:1;) alert tcp $HOME_NET any -> [139.13.92.63] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.92.63/; sid:900746551; rev:1;) alert tcp $HOME_NET any -> [181.167.49.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.49.76/; sid:900746550; rev:1;) alert tcp $HOME_NET any -> [189.154.188.33] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.188.33/; sid:900746549; rev:1;) alert tcp $HOME_NET any -> [79.66.242.43] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.66.242.43/; sid:900746548; rev:1;) alert tcp $HOME_NET any -> [181.169.58.108] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.169.58.108/; sid:900746547; rev:1;) alert tcp $HOME_NET any -> [139.13.84.107] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.84.107/; sid:900746546; rev:1;) alert tcp $HOME_NET any -> [154.120.231.114] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.231.114/; sid:900746544; rev:1;) alert tcp $HOME_NET any -> [187.200.132.53] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.200.132.53/; sid:900746543; rev:1;) alert tcp $HOME_NET any -> [187.163.213.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.213.124/; sid:900746542; rev:1;) alert tcp $HOME_NET any -> [97.32.110.101] 25710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.32.110.101/; sid:900746048; rev:1;) alert tcp $HOME_NET any -> [206.5.160.235] 5657 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.5.160.235/; sid:900741170; rev:1;) alert tcp $HOME_NET any -> [106.51.37.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.37.192/; sid:900738854; rev:1;) alert tcp $HOME_NET any -> [2.50.53.185] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.53.185/; sid:900738848; rev:1;) alert tcp $HOME_NET any -> [88.249.120.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.120.191/; sid:900738846; rev:1;) alert tcp $HOME_NET any -> [105.224.105.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.105.73/; sid:900738827; rev:1;) alert tcp $HOME_NET any -> [183.82.104.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.104.81/; sid:900738825; rev:1;) alert tcp $HOME_NET any -> [190.202.166.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.202.166.164/; sid:900734353; rev:1;) alert tcp $HOME_NET any -> [190.19.178.131] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.178.131/; sid:900734351; rev:1;) alert tcp $HOME_NET any -> [201.183.225.39] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.225.39/; sid:900734350; rev:1;) alert tcp $HOME_NET any -> [103.91.228.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.91.228.3/; sid:900734347; rev:1;) alert tcp $HOME_NET any -> [189.159.150.1] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.150.1/; sid:900734346; rev:1;) alert tcp $HOME_NET any -> [186.149.140.55] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.149.140.55/; sid:900734345; rev:1;) alert tcp $HOME_NET any -> [103.251.141.42] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.251.141.42/; sid:900734344; rev:1;) alert tcp $HOME_NET any -> [187.177.166.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.166.183/; sid:900734341; rev:1;) alert tcp $HOME_NET any -> [152.231.109.201] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.109.201/; sid:900734340; rev:1;) alert tcp $HOME_NET any -> [190.44.153.169] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.44.153.169/; sid:900734336; rev:1;) alert tcp $HOME_NET any -> [201.228.78.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.228.78.117/; sid:900734334; rev:1;) alert tcp $HOME_NET any -> [221.4.142.41] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.4.142.41/; sid:900734329; rev:1;) alert tcp $HOME_NET any -> [91.183.108.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.183.108.184/; sid:900734328; rev:1;) alert tcp $HOME_NET any -> [152.168.249.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.249.64/; sid:900734325; rev:1;) alert tcp $HOME_NET any -> [200.6.186.36] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.6.186.36/; sid:900734323; rev:1;) alert tcp $HOME_NET any -> [190.136.177.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.136.177.34/; sid:900734321; rev:1;) alert tcp $HOME_NET any -> [83.110.153.207] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.153.207/; sid:900734320; rev:1;) alert tcp $HOME_NET any -> [190.230.171.15] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.171.15/; sid:900734319; rev:1;) alert tcp $HOME_NET any -> [5.187.152.115] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.187.152.115/; sid:900734318; rev:1;) alert tcp $HOME_NET any -> [190.138.220.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.220.6/; sid:900734317; rev:1;) alert tcp $HOME_NET any -> [181.197.14.204] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.14.204/; sid:900734314; rev:1;) alert tcp $HOME_NET any -> [187.232.87.141] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.232.87.141/; sid:900734313; rev:1;) alert tcp $HOME_NET any -> [85.75.118.245] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.75.118.245/; sid:900734312; rev:1;) alert tcp $HOME_NET any -> [190.186.38.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.38.22/; sid:900734311; rev:1;) alert tcp $HOME_NET any -> [181.177.213.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.177.213.144/; sid:900734310; rev:1;) alert tcp $HOME_NET any -> [181.39.166.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.166.254/; sid:900734309; rev:1;) alert tcp $HOME_NET any -> [181.143.126.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.126.170/; sid:900734308; rev:1;) alert tcp $HOME_NET any -> [94.70.164.109] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.70.164.109/; sid:900734307; rev:1;) alert tcp $HOME_NET any -> [190.186.42.98] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.42.98/; sid:900734306; rev:1;) alert tcp $HOME_NET any -> [217.165.127.208] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.127.208/; sid:900734305; rev:1;) alert tcp $HOME_NET any -> [190.210.33.41] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.33.41/; sid:900733153; rev:1;) alert tcp $HOME_NET any -> [64.39.179.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.39.179.131/; sid:900733152; rev:1;) alert tcp $HOME_NET any -> [212.99.204.114] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.99.204.114/; sid:900733151; rev:1;) alert tcp $HOME_NET any -> [201.231.77.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.77.11/; sid:900733149; rev:1;) alert tcp $HOME_NET any -> [190.104.233.88] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.233.88/; sid:900733147; rev:1;) alert tcp $HOME_NET any -> [190.147.247.215] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.247.215/; sid:900733146; rev:1;) alert tcp $HOME_NET any -> [5.44.210.163] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.44.210.163/; sid:900733144; rev:1;) alert tcp $HOME_NET any -> [189.163.192.252] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.163.192.252/; sid:900733142; rev:1;) alert tcp $HOME_NET any -> [187.163.143.13] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.143.13/; sid:900733140; rev:1;) alert tcp $HOME_NET any -> [181.39.96.86] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.96.86/; sid:900733139; rev:1;) alert tcp $HOME_NET any -> [200.84.36.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.84.36.201/; sid:900733138; rev:1;) alert tcp $HOME_NET any -> [92.11.254.135] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.11.254.135/; sid:900733136; rev:1;) alert tcp $HOME_NET any -> [200.52.206.246] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.52.206.246/; sid:900733135; rev:1;) alert tcp $HOME_NET any -> [190.72.254.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.254.66/; sid:900733132; rev:1;) alert tcp $HOME_NET any -> [181.166.88.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.166.88.217/; sid:900733131; rev:1;) alert tcp $HOME_NET any -> [200.68.68.153] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.68.68.153/; sid:900733130; rev:1;) alert tcp $HOME_NET any -> [81.214.63.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.214.63.242/; sid:900733127; rev:1;) alert tcp $HOME_NET any -> [190.245.191.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.191.156/; sid:900733126; rev:1;) alert tcp $HOME_NET any -> [189.222.109.159] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.222.109.159/; sid:900733124; rev:1;) alert tcp $HOME_NET any -> [186.24.240.240] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.24.240.240/; sid:900733123; rev:1;) alert tcp $HOME_NET any -> [169.0.100.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.0.100.48/; sid:900733121; rev:1;) alert tcp $HOME_NET any -> [190.158.224.107] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.224.107/; sid:900733118; rev:1;) alert tcp $HOME_NET any -> [190.171.237.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.237.189/; sid:900733117; rev:1;) alert tcp $HOME_NET any -> [190.245.107.73] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.245.107.73/; sid:900733116; rev:1;) alert tcp $HOME_NET any -> [189.149.12.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.149.12.180/; sid:900733115; rev:1;) alert tcp $HOME_NET any -> [186.137.231.77] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.137.231.77/; sid:900733114; rev:1;) alert tcp $HOME_NET any -> [189.203.177.52] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.203.177.52/; sid:900733113; rev:1;) alert tcp $HOME_NET any -> [200.127.231.105] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.231.105/; sid:900733112; rev:1;) alert tcp $HOME_NET any -> [189.228.101.204] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.228.101.204/; sid:900733111; rev:1;) alert tcp $HOME_NET any -> [139.13.93.50] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.93.50/; sid:900733110; rev:1;) alert tcp $HOME_NET any -> [201.214.147.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.214.147.166/; sid:900733109; rev:1;) alert tcp $HOME_NET any -> [185.222.202.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.21/; sid:900622142; rev:1;) alert tcp $HOME_NET any -> [200.124.27.202] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.124.27.202/; sid:900730282; rev:1;) alert tcp $HOME_NET any -> [95.70.224.237] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.70.224.237/; sid:900730281; rev:1;) alert tcp $HOME_NET any -> [189.131.47.159] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.47.159/; sid:900730280; rev:1;) alert tcp $HOME_NET any -> [186.159.122.233] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.122.233/; sid:900730276; rev:1;) alert tcp $HOME_NET any -> [169.1.71.215] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.1.71.215/; sid:900730274; rev:1;) alert tcp $HOME_NET any -> [86.98.53.59] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.53.59/; sid:900730271; rev:1;) alert tcp $HOME_NET any -> [179.50.131.35] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.50.131.35/; sid:900730270; rev:1;) alert tcp $HOME_NET any -> [187.193.117.191] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.193.117.191/; sid:900730267; rev:1;) alert tcp $HOME_NET any -> [186.82.11.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.82.11.76/; sid:900730265; rev:1;) alert tcp $HOME_NET any -> [27.100.25.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.100.25.74/; sid:900730263; rev:1;) alert tcp $HOME_NET any -> [186.136.29.143] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.136.29.143/; sid:900730258; rev:1;) alert tcp $HOME_NET any -> [88.247.76.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.76.191/; sid:900730257; rev:1;) alert tcp $HOME_NET any -> [201.238.171.6] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.171.6/; sid:900730255; rev:1;) alert tcp $HOME_NET any -> [187.148.160.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.148.160.52/; sid:900730253; rev:1;) alert tcp $HOME_NET any -> [70.178.189.123] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.178.189.123/; sid:900730252; rev:1;) alert tcp $HOME_NET any -> [181.48.22.219] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.22.219/; sid:900730251; rev:1;) alert tcp $HOME_NET any -> [105.228.147.223] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.147.223/; sid:900730250; rev:1;) alert tcp $HOME_NET any -> [63.143.74.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.143.74.70/; sid:900730249; rev:1;) alert tcp $HOME_NET any -> [217.165.124.206] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.124.206/; sid:900730248; rev:1;) alert tcp $HOME_NET any -> [176.192.20.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.192.20.62/; sid:900730246; rev:1;) alert tcp $HOME_NET any -> [177.225.150.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.225.150.89/; sid:900730245; rev:1;) alert tcp $HOME_NET any -> [200.119.193.251] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.119.193.251/; sid:900730241; rev:1;) alert tcp $HOME_NET any -> [189.189.79.143] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.79.143/; sid:900730240; rev:1;) alert tcp $HOME_NET any -> [179.32.192.202] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.32.192.202/; sid:900730239; rev:1;) alert tcp $HOME_NET any -> [54.38.247.98] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.247.98/; sid:900730238; rev:1;) alert tcp $HOME_NET any -> [187.163.183.194] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.163.183.194/; sid:900730237; rev:1;) alert tcp $HOME_NET any -> [70.45.60.142] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, t