################################################################ # abuse.ch Feodo Tracker Suricata / Snort Ruleset (Aggresive) # # Last updated: 2020-01-16 19:44:19 UTC # # # # Terms Of Use: https://feodotracker.abuse.ch/blocklist/ # # For questions please contact feodotracker [at] abuse.ch # ################################################################ # alert tcp $HOME_NET any -> [61.221.152.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.221.152.140/; sid:900623475; rev:1;) alert tcp $HOME_NET any -> [122.176.116.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.176.116.57/; sid:900623477; rev:1;) alert tcp $HOME_NET any -> [200.82.88.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.88.254/; sid:900623472; rev:1;) alert tcp $HOME_NET any -> [58.92.179.55] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.92.179.55/; sid:900623473; rev:1;) alert tcp $HOME_NET any -> [101.187.197.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.197.33/; sid:900623463; rev:1;) alert tcp $HOME_NET any -> [98.30.113.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.30.113.161/; sid:900623469; rev:1;) alert tcp $HOME_NET any -> [181.13.24.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.13.24.82/; sid:900623464; rev:1;) alert tcp $HOME_NET any -> [78.142.114.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.142.114.69/; sid:900623470; rev:1;) alert tcp $HOME_NET any -> [201.229.45.222] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.229.45.222/; sid:900623465; rev:1;) alert tcp $HOME_NET any -> [81.17.92.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.17.92.70/; sid:900623468; rev:1;) alert tcp $HOME_NET any -> [185.160.229.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.160.229.26/; sid:901830766; rev:1;) alert tcp $HOME_NET any -> [64.40.250.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.40.250.5/; sid:900623467; rev:1;) alert tcp $HOME_NET any -> [68.172.243.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.172.243.146/; sid:900623466; rev:1;) alert tcp $HOME_NET any -> [70.123.95.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.123.95.180/; sid:900623462; rev:1;) alert tcp $HOME_NET any -> [177.103.240.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.240.93/; sid:900623471; rev:1;) alert tcp $HOME_NET any -> [91.117.159.233] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.159.233/; sid:901825464; rev:1;) alert tcp $HOME_NET any -> [81.16.1.45] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.16.1.45/; sid:901825463; rev:1;) alert tcp $HOME_NET any -> [181.129.96.162] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.96.162/; sid:900623453; rev:1;) alert tcp $HOME_NET any -> [97.120.32.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.120.32.227/; sid:901825458; rev:1;) alert tcp $HOME_NET any -> [189.26.118.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.26.118.194/; sid:901825455; rev:1;) alert tcp $HOME_NET any -> [83.35.213.87] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.35.213.87/; sid:900623459; rev:1;) alert tcp $HOME_NET any -> [82.152.149.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.152.149.79/; sid:900623454; rev:1;) alert tcp $HOME_NET any -> [73.239.11.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.239.11.159/; sid:900623457; rev:1;) alert tcp $HOME_NET any -> [95.213.236.64] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.213.236.64/; sid:901824336; rev:1;) alert tcp $HOME_NET any -> [72.189.57.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.189.57.105/; sid:900623449; rev:1;) alert tcp $HOME_NET any -> [187.72.47.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.72.47.161/; sid:900623474; rev:1;) alert tcp $HOME_NET any -> [122.19.63.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.19.63.27/; sid:900623451; rev:1;) alert tcp $HOME_NET any -> [125.209.114.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.209.114.180/; sid:900623458; rev:1;) alert tcp $HOME_NET any -> [211.20.154.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.20.154.102/; sid:901824074; rev:1;) alert tcp $HOME_NET any -> [76.11.76.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.11.76.47/; sid:900623447; rev:1;) alert tcp $HOME_NET any -> [61.204.119.188] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.204.119.188/; sid:900623446; rev:1;) alert tcp $HOME_NET any -> [24.141.12.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.141.12.228/; sid:900623445; rev:1;) alert tcp $HOME_NET any -> [24.196.49.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.196.49.98/; sid:900623448; rev:1;) alert tcp $HOME_NET any -> [5.34.176.242] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.242/; sid:900623450; rev:1;) alert tcp $HOME_NET any -> [185.105.1.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.105.1.141/; sid:900623452; rev:1;) alert tcp $HOME_NET any -> [5.182.210.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.226/; sid:900623430; rev:1;) alert tcp $HOME_NET any -> [188.165.62.36] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.36/; sid:900623429; rev:1;) alert tcp $HOME_NET any -> [198.23.252.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.132/; sid:900623428; rev:1;) alert tcp $HOME_NET any -> [5.34.176.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.218/; sid:900623427; rev:1;) alert tcp $HOME_NET any -> [185.99.2.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.117/; sid:900623425; rev:1;) alert tcp $HOME_NET any -> [93.189.46.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.46.122/; sid:900623423; rev:1;) alert tcp $HOME_NET any -> [201.213.100.141] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.100.141/; sid:900623420; rev:1;) alert tcp $HOME_NET any -> [94.176.234.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.176.234.118/; sid:901814770; rev:1;) alert tcp $HOME_NET any -> [139.47.135.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.47.135.215/; sid:900623418; rev:1;) alert tcp $HOME_NET any -> [186.177.165.196] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.165.196/; sid:900623419; rev:1;) alert tcp $HOME_NET any -> [60.152.212.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.152.212.149/; sid:900623434; rev:1;) alert tcp $HOME_NET any -> [95.130.37.244] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.130.37.244/; sid:901814706; rev:1;) alert tcp $HOME_NET any -> [77.74.78.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.74.78.80/; sid:901814704; rev:1;) alert tcp $HOME_NET any -> [160.226.171.255] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.226.171.255/; sid:901814701; rev:1;) alert tcp $HOME_NET any -> [181.54.246.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.54.246.80/; sid:900623415; rev:1;) alert tcp $HOME_NET any -> [186.147.245.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.147.245.204/; sid:900623416; rev:1;) alert tcp $HOME_NET any -> [165.255.142.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.142.118/; sid:900623414; rev:1;) alert tcp $HOME_NET any -> [5.2.78.43] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.43/; sid:900623421; rev:1;) alert tcp $HOME_NET any -> [120.151.135.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.151.135.224/; sid:901814522; rev:1;) alert tcp $HOME_NET any -> [197.89.27.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.27.26/; sid:900623410; rev:1;) alert tcp $HOME_NET any -> [72.186.137.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.186.137.156/; sid:900623412; rev:1;) alert tcp $HOME_NET any -> [58.171.38.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.38.26/; sid:900623444; rev:1;) alert tcp $HOME_NET any -> [162.247.155.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.133/; sid:900623413; rev:1;) alert tcp $HOME_NET any -> [70.184.69.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.69.146/; sid:900623422; rev:1;) alert tcp $HOME_NET any -> [76.185.136.132] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.185.136.132/; sid:900623417; rev:1;) alert tcp $HOME_NET any -> [185.142.99.8] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.8/; sid:900623424; rev:1;) alert tcp $HOME_NET any -> [146.185.253.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.122/; sid:900623431; rev:1;) alert tcp $HOME_NET any -> [82.146.62.52] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.62.52/; sid:900623432; rev:1;) alert tcp $HOME_NET any -> [85.143.220.228] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.220.228/; sid:900623433; rev:1;) alert tcp $HOME_NET any -> [212.109.220.111] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.220.111/; sid:900623435; rev:1;) alert tcp $HOME_NET any -> [104.168.96.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.96.113/; sid:900623439; rev:1;) alert tcp $HOME_NET any -> [85.143.217.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.217.237/; sid:900623443; rev:1;) alert tcp $HOME_NET any -> [5.2.78.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.98/; sid:900623406; rev:1;) alert tcp $HOME_NET any -> [185.62.188.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.188.34/; sid:900623407; rev:1;) alert tcp $HOME_NET any -> [78.189.180.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.180.107/; sid:900623403; rev:1;) alert tcp $HOME_NET any -> [37.139.21.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.139.21.175/; sid:901812044; rev:1;) alert tcp $HOME_NET any -> [183.82.123.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.123.60/; sid:900623399; rev:1;) alert tcp $HOME_NET any -> [210.171.146.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.171.146.118/; sid:901812018; rev:1;) alert tcp $HOME_NET any -> [125.209.114.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.209.114.182/; sid:901812016; rev:1;) alert tcp $HOME_NET any -> [60.130.173.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.130.173.117/; sid:900623436; rev:1;) alert tcp $HOME_NET any -> [78.189.60.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.60.109/; sid:900623401; rev:1;) alert tcp $HOME_NET any -> [76.87.58.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.87.58.38/; sid:901812001; rev:1;) alert tcp $HOME_NET any -> [186.15.52.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.52.123/; sid:900623408; rev:1;) alert tcp $HOME_NET any -> [2.47.112.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.47.112.72/; sid:900623395; rev:1;) alert tcp $HOME_NET any -> [177.34.142.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.34.142.163/; sid:901811994; rev:1;) alert tcp $HOME_NET any -> [172.104.169.32] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.169.32/; sid:901811986; rev:1;) alert tcp $HOME_NET any -> [120.150.247.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.247.164/; sid:900623393; rev:1;) alert tcp $HOME_NET any -> [59.120.5.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.120.5.154/; sid:900623397; rev:1;) alert tcp $HOME_NET any -> [192.241.143.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.143.52/; sid:900623394; rev:1;) alert tcp $HOME_NET any -> [93.189.41.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.107/; sid:900623438; rev:1;) alert tcp $HOME_NET any -> [76.69.26.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.69.26.71/; sid:900623409; rev:1;) alert tcp $HOME_NET any -> [66.7.242.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.7.242.50/; sid:900623411; rev:1;) alert tcp $HOME_NET any -> [86.123.138.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.123.138.76/; sid:900623396; rev:1;) alert tcp $HOME_NET any -> [152.231.89.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.231.89.226/; sid:900623402; rev:1;) alert tcp $HOME_NET any -> [154.73.137.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.73.137.131/; sid:900623398; rev:1;) alert tcp $HOME_NET any -> [177.239.160.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.239.160.121/; sid:900623426; rev:1;) alert tcp $HOME_NET any -> [91.250.96.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.250.96.22/; sid:900623405; rev:1;) alert tcp $HOME_NET any -> [89.211.186.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.186.227/; sid:900623404; rev:1;) alert tcp $HOME_NET any -> [62.109.15.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.15.126/; sid:900623392; rev:1;) alert tcp $HOME_NET any -> [78.24.221.145] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.221.145/; sid:900623387; rev:1;) alert tcp $HOME_NET any -> [195.133.146.185] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.146.185/; sid:900623388; rev:1;) alert tcp $HOME_NET any -> [92.63.98.59] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.98.59/; sid:900623385; rev:1;) alert tcp $HOME_NET any -> [176.31.87.209] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.87.209/; sid:900623384; rev:1;) alert tcp $HOME_NET any -> [212.109.223.162] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.223.162/; sid:900623383; rev:1;) alert tcp $HOME_NET any -> [185.186.77.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.247/; sid:900623382; rev:1;) alert tcp $HOME_NET any -> [195.123.218.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.218.13/; sid:900623377; rev:1;) alert tcp $HOME_NET any -> [195.123.218.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.218.14/; sid:900623378; rev:1;) alert tcp $HOME_NET any -> [189.179.108.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.179.108.157/; sid:900623367; rev:1;) alert tcp $HOME_NET any -> [27.109.153.201] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.109.153.201/; sid:900623371; rev:1;) alert tcp $HOME_NET any -> [88.249.120.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.120.205/; sid:900623389; rev:1;) alert tcp $HOME_NET any -> [60.231.217.199] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.231.217.199/; sid:900623373; rev:1;) alert tcp $HOME_NET any -> [98.174.166.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.174.166.205/; sid:900623374; rev:1;) alert tcp $HOME_NET any -> [221.165.123.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.165.123.72/; sid:900623369; rev:1;) alert tcp $HOME_NET any -> [37.187.72.193] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.72.193/; sid:900623370; rev:1;) alert tcp $HOME_NET any -> [177.103.159.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.159.44/; sid:901794091; rev:1;) alert tcp $HOME_NET any -> [190.151.5.130] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.5.130/; sid:900623365; rev:1;) alert tcp $HOME_NET any -> [190.191.82.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.191.82.216/; sid:900623366; rev:1;) alert tcp $HOME_NET any -> [76.31.115.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.31.115.125/; sid:901794068; rev:1;) alert tcp $HOME_NET any -> [198.199.112.197] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.112.197/; sid:900623364; rev:1;) alert tcp $HOME_NET any -> [106.248.79.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.248.79.174/; sid:900623375; rev:1;) alert tcp $HOME_NET any -> [41.215.79.182] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.215.79.182/; sid:900623379; rev:1;) alert tcp $HOME_NET any -> [183.91.3.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.91.3.63/; sid:900623376; rev:1;) alert tcp $HOME_NET any -> [24.164.79.147] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.164.79.147/; sid:900623372; rev:1;) alert tcp $HOME_NET any -> [146.185.253.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.107/; sid:900623363; rev:1;) alert tcp $HOME_NET any -> [103.94.122.254] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.94.122.254/; sid:900623386; rev:1;) alert tcp $HOME_NET any -> [198.8.91.10] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.10/; sid:900623360; rev:1;) alert tcp $HOME_NET any -> [23.95.231.187] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.231.187/; sid:900623359; rev:1;) alert tcp $HOME_NET any -> [5.2.76.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.76.122/; sid:900623358; rev:1;) alert tcp $HOME_NET any -> [92.63.105.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.105.138/; sid:900623353; rev:1;) alert tcp $HOME_NET any -> [85.143.219.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.230/; sid:900623357; rev:1;) alert tcp $HOME_NET any -> [95.181.198.151] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.151/; sid:900623354; rev:1;) alert tcp $HOME_NET any -> [185.99.2.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.149/; sid:900623355; rev:1;) alert tcp $HOME_NET any -> [79.174.12.245] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.174.12.245/; sid:900623356; rev:1;) alert tcp $HOME_NET any -> [188.0.135.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.0.135.237/; sid:900623352; rev:1;) alert tcp $HOME_NET any -> [58.162.218.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.162.218.151/; sid:900623336; rev:1;) alert tcp $HOME_NET any -> [114.109.179.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.109.179.60/; sid:900623340; rev:1;) alert tcp $HOME_NET any -> [177.92.14.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.92.14.34/; sid:901764506; rev:1;) alert tcp $HOME_NET any -> [41.60.200.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.60.200.34/; sid:900623332; rev:1;) alert tcp $HOME_NET any -> [181.126.70.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.126.70.117/; sid:900623330; rev:1;) alert tcp $HOME_NET any -> [5.32.55.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.32.55.214/; sid:900623334; rev:1;) alert tcp $HOME_NET any -> [173.66.96.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.66.96.135/; sid:900623347; rev:1;) alert tcp $HOME_NET any -> [186.86.247.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.247.171/; sid:900623331; rev:1;) alert tcp $HOME_NET any -> [180.33.6.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.33.6.136/; sid:900623338; rev:1;) alert tcp $HOME_NET any -> [78.210.132.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.210.132.35/; sid:900623345; rev:1;) alert tcp $HOME_NET any -> [112.68.254.127] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.68.254.127/; sid:900623325; rev:1;) alert tcp $HOME_NET any -> [1.221.254.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.221.254.82/; sid:900623329; rev:1;) alert tcp $HOME_NET any -> [1.217.126.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.217.126.11/; sid:900623324; rev:1;) alert tcp $HOME_NET any -> [91.73.169.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.73.169.210/; sid:900623328; rev:1;) alert tcp $HOME_NET any -> [86.108.77.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.108.77.73/; sid:900623327; rev:1;) alert tcp $HOME_NET any -> [196.6.119.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.6.119.137/; sid:900623326; rev:1;) alert tcp $HOME_NET any -> [47.180.91.213] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.91.213/; sid:900623333; rev:1;) alert tcp $HOME_NET any -> [45.73.157.243] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.157.243/; sid:900623335; rev:1;) alert tcp $HOME_NET any -> [113.190.254.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.190.254.245/; sid:900623339; rev:1;) alert tcp $HOME_NET any -> [190.38.152.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.38.152.143/; sid:901763642; rev:1;) alert tcp $HOME_NET any -> [190.231.42.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.231.42.130/; sid:901763641; rev:1;) alert tcp $HOME_NET any -> [187.54.225.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.54.225.76/; sid:901763640; rev:1;) alert tcp $HOME_NET any -> [209.146.22.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.146.22.34/; sid:900623321; rev:1;) alert tcp $HOME_NET any -> [73.217.39.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.217.39.73/; sid:900623337; rev:1;) alert tcp $HOME_NET any -> [190.55.181.54] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.181.54/; sid:900623320; rev:1;) alert tcp $HOME_NET any -> [178.153.176.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.176.124/; sid:900623348; rev:1;) alert tcp $HOME_NET any -> [139.130.242.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.130.242.43/; sid:900623319; rev:1;) alert tcp $HOME_NET any -> [189.203.177.41] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.203.177.41/; sid:900623323; rev:1;) alert tcp $HOME_NET any -> [201.137.247.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.137.247.222/; sid:900623317; rev:1;) alert tcp $HOME_NET any -> [190.201.144.85] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.144.85/; sid:900623362; rev:1;) alert tcp $HOME_NET any -> [75.86.6.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.86.6.174/; sid:901763290; rev:1;) alert tcp $HOME_NET any -> [183.87.40.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.87.40.21/; sid:900623341; rev:1;) alert tcp $HOME_NET any -> [91.205.173.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.173.150/; sid:900623318; rev:1;) alert tcp $HOME_NET any -> [88.249.181.198] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.249.181.198/; sid:900623343; rev:1;) alert tcp $HOME_NET any -> [5.2.77.116] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.77.116/; sid:900623344; rev:1;) alert tcp $HOME_NET any -> [185.172.129.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.101/; sid:900623313; rev:1;) alert tcp $HOME_NET any -> [194.32.79.187] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.32.79.187/; sid:900623346; rev:1;) alert tcp $HOME_NET any -> [185.144.138.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.144.138.190/; sid:900623361; rev:1;) alert tcp $HOME_NET any -> [185.99.2.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.131/; sid:900623349; rev:1;) alert tcp $HOME_NET any -> [198.23.252.115] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.115/; sid:900623350; rev:1;) alert tcp $HOME_NET any -> [167.86.123.176] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.123.176/; sid:900623351; rev:1;) alert tcp $HOME_NET any -> [91.191.206.60] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.191.206.60/; sid:901747682; rev:1;) alert tcp $HOME_NET any -> [181.231.220.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.231.220.232/; sid:900623380; rev:1;) alert tcp $HOME_NET any -> [79.7.158.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.7.158.208/; sid:900623310; rev:1;) alert tcp $HOME_NET any -> [110.170.65.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.170.65.146/; sid:900623312; rev:1;) alert tcp $HOME_NET any -> [62.15.36.103] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.15.36.103/; sid:900623309; rev:1;) alert tcp $HOME_NET any -> [94.200.126.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.126.42/; sid:900623381; rev:1;) alert tcp $HOME_NET any -> [110.2.118.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.2.118.164/; sid:900623305; rev:1;) alert tcp $HOME_NET any -> [190.231.210.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.231.210.35/; sid:901740807; rev:1;) alert tcp $HOME_NET any -> [181.53.29.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.53.29.136/; sid:900623302; rev:1;) alert tcp $HOME_NET any -> [182.187.137.199] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.187.137.199/; sid:900623342; rev:1;) alert tcp $HOME_NET any -> [112.186.195.176] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.186.195.176/; sid:900623311; rev:1;) alert tcp $HOME_NET any -> [105.209.235.113] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.209.235.113/; sid:900623299; rev:1;) alert tcp $HOME_NET any -> [160.119.153.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.119.153.20/; sid:900623314; rev:1;) alert tcp $HOME_NET any -> [144.139.91.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.91.187/; sid:900623301; rev:1;) alert tcp $HOME_NET any -> [200.45.187.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.45.187.90/; sid:900623303; rev:1;) alert tcp $HOME_NET any -> [185.99.2.209] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.209/; sid:900623295; rev:1;) alert tcp $HOME_NET any -> [172.245.153.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.153.186/; sid:900623294; rev:1;) alert tcp $HOME_NET any -> [5.2.73.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.73.126/; sid:900623304; rev:1;) alert tcp $HOME_NET any -> [192.99.255.32] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.255.32/; sid:900623296; rev:1;) alert tcp $HOME_NET any -> [37.230.115.111] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.230.115.111/; sid:900623298; rev:1;) alert tcp $HOME_NET any -> [185.246.67.49] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.67.49/; sid:900623306; rev:1;) alert tcp $HOME_NET any -> [198.23.252.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.138/; sid:900623297; rev:1;) alert tcp $HOME_NET any -> [114.179.127.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.179.127.48/; sid:900623300; rev:1;) alert tcp $HOME_NET any -> [190.219.149.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.149.236/; sid:900623308; rev:1;) alert tcp $HOME_NET any -> [194.87.95.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.95.54/; sid:900623291; rev:1;) alert tcp $HOME_NET any -> [184.164.137.176] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.164.137.176/; sid:900623287; rev:1;) alert tcp $HOME_NET any -> [5.2.64.184] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.64.184/; sid:900623289; rev:1;) alert tcp $HOME_NET any -> [46.173.214.227] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.173.214.227/; sid:900623285; rev:1;) alert tcp $HOME_NET any -> [108.20.69.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.20.69.44/; sid:901687139; rev:1;) alert tcp $HOME_NET any -> [200.21.90.5] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.90.5/; sid:900623286; rev:1;) alert tcp $HOME_NET any -> [200.116.145.225] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.145.225/; sid:900623283; rev:1;) alert tcp $HOME_NET any -> [59.8.197.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.8.197.241/; sid:900623284; rev:1;) alert tcp $HOME_NET any -> [178.237.139.83] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.237.139.83/; sid:900623282; rev:1;) alert tcp $HOME_NET any -> [210.6.85.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.6.85.121/; sid:900623290; rev:1;) alert tcp $HOME_NET any -> [62.138.26.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.138.26.28/; sid:901686181; rev:1;) alert tcp $HOME_NET any -> [70.169.53.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.169.53.234/; sid:900623281; rev:1;) alert tcp $HOME_NET any -> [136.243.250.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.250.34/; sid:900623279; rev:1;) alert tcp $HOME_NET any -> [47.153.183.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.153.183.211/; sid:900623307; rev:1;) alert tcp $HOME_NET any -> [172.82.152.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.14/; sid:900623278; rev:1;) alert tcp $HOME_NET any -> [107.181.175.119] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.119/; sid:900623276; rev:1;) alert tcp $HOME_NET any -> [185.186.77.229] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.229/; sid:900623277; rev:1;) alert tcp $HOME_NET any -> [164.68.107.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.107.58/; sid:900623275; rev:1;) alert tcp $HOME_NET any -> [188.120.231.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.231.230/; sid:900623274; rev:1;) alert tcp $HOME_NET any -> [185.192.109.114] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.192.109.114/; sid:900623273; rev:1;) alert tcp $HOME_NET any -> [185.63.191.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.63.191.109/; sid:900623270; rev:1;) alert tcp $HOME_NET any -> [185.11.146.147] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.11.146.147/; sid:900623269; rev:1;) alert tcp $HOME_NET any -> [64.44.51.120] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.120/; sid:900623268; rev:1;) alert tcp $HOME_NET any -> [190.247.9.40] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.247.9.40/; sid:901663857; rev:1;) alert tcp $HOME_NET any -> [203.160.173.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.160.173.202/; sid:901663847; rev:1;) alert tcp $HOME_NET any -> [186.177.174.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.174.163/; sid:900623271; rev:1;) alert tcp $HOME_NET any -> [5.178.245.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.178.245.100/; sid:900623266; rev:1;) alert tcp $HOME_NET any -> [41.185.29.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.185.29.128/; sid:901663844; rev:1;) alert tcp $HOME_NET any -> [122.116.104.238] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.116.104.238/; sid:900623293; rev:1;) alert tcp $HOME_NET any -> [203.153.216.178] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.153.216.178/; sid:901663825; rev:1;) alert tcp $HOME_NET any -> [158.69.167.246] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.167.246/; sid:901663820; rev:1;) alert tcp $HOME_NET any -> [211.48.165.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.48.165.9/; sid:901663814; rev:1;) alert tcp $HOME_NET any -> [41.190.148.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.190.148.90/; sid:901663805; rev:1;) alert tcp $HOME_NET any -> [188.251.213.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.251.213.180/; sid:900623262; rev:1;) alert tcp $HOME_NET any -> [14.161.30.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.161.30.33/; sid:900623264; rev:1;) alert tcp $HOME_NET any -> [92.223.59.28] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.223.59.28/; sid:900623260; rev:1;) alert tcp $HOME_NET any -> [203.124.57.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.124.57.50/; sid:900623265; rev:1;) alert tcp $HOME_NET any -> [93.189.41.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.41.190/; sid:900623261; rev:1;) alert tcp $HOME_NET any -> [212.253.82.142] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.253.82.142/; sid:900623267; rev:1;) alert tcp $HOME_NET any -> [164.68.108.243] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.108.243/; sid:900623258; rev:1;) alert tcp $HOME_NET any -> [107.173.26.231] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.26.231/; sid:900623272; rev:1;) alert tcp $HOME_NET any -> [185.172.129.176] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.176/; sid:900623257; rev:1;) alert tcp $HOME_NET any -> [85.143.216.194] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.216.194/; sid:900623256; rev:1;) alert tcp $HOME_NET any -> [5.2.78.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.38/; sid:900623255; rev:1;) alert tcp $HOME_NET any -> [51.89.115.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.124/; sid:900623253; rev:1;) alert tcp $HOME_NET any -> [146.185.253.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.164/; sid:900623254; rev:1;) alert tcp $HOME_NET any -> [188.165.62.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.34/; sid:900623252; rev:1;) alert tcp $HOME_NET any -> [198.23.209.201] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.209.201/; sid:900623251; rev:1;) alert tcp $HOME_NET any -> [172.82.152.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.104/; sid:900623250; rev:1;) alert tcp $HOME_NET any -> [216.251.83.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.251.83.79/; sid:900623259; rev:1;) alert tcp $HOME_NET any -> [164.68.120.60] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.120.60/; sid:900623248; rev:1;) alert tcp $HOME_NET any -> [78.24.223.88] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.223.88/; sid:900623247; rev:1;) alert tcp $HOME_NET any -> [36.89.88.111] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.89.88.111/; sid:900623246; rev:1;) alert tcp $HOME_NET any -> [203.176.135.102] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.176.135.102/; sid:900623241; rev:1;) alert tcp $HOME_NET any -> [185.213.20.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.213.20.246/; sid:900623242; rev:1;) alert tcp $HOME_NET any -> [185.141.27.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.190/; sid:900623240; rev:1;) alert tcp $HOME_NET any -> [188.120.254.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.254.68/; sid:900623243; rev:1;) alert tcp $HOME_NET any -> [45.8.230.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.230.203/; sid:900623245; rev:1;) alert tcp $HOME_NET any -> [5.2.70.145] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.70.145/; sid:900623244; rev:1;) alert tcp $HOME_NET any -> [93.144.226.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.144.226.57/; sid:900623249; rev:1;) alert tcp $HOME_NET any -> [112.218.134.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.218.134.227/; sid:901633004; rev:1;) alert tcp $HOME_NET any -> [62.109.22.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.22.226/; sid:900623234; rev:1;) alert tcp $HOME_NET any -> [51.89.115.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.126/; sid:900623236; rev:1;) alert tcp $HOME_NET any -> [85.217.171.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.171.52/; sid:900623237; rev:1;) alert tcp $HOME_NET any -> [45.143.93.9] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.143.93.9/; sid:900623233; rev:1;) alert tcp $HOME_NET any -> [5.2.78.79] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.78.79/; sid:900623232; rev:1;) alert tcp $HOME_NET any -> [51.89.204.240] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.204.240/; sid:900623229; rev:1;) alert tcp $HOME_NET any -> [185.62.190.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.190.167/; sid:900623230; rev:1;) alert tcp $HOME_NET any -> [146.185.253.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.126/; sid:900623226; rev:1;) alert tcp $HOME_NET any -> [5.182.210.221] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.221/; sid:900623221; rev:1;) alert tcp $HOME_NET any -> [185.99.2.168] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.168/; sid:900623222; rev:1;) alert tcp $HOME_NET any -> [92.16.222.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.16.222.156/; sid:900623219; rev:1;) alert tcp $HOME_NET any -> [190.17.94.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.94.108/; sid:900623216; rev:1;) alert tcp $HOME_NET any -> [88.248.140.80] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.248.140.80/; sid:901597850; rev:1;) alert tcp $HOME_NET any -> [83.248.141.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.248.141.198/; sid:900623227; rev:1;) alert tcp $HOME_NET any -> [151.237.36.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.237.36.220/; sid:900623209; rev:1;) alert tcp $HOME_NET any -> [200.123.183.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.183.137/; sid:900623214; rev:1;) alert tcp $HOME_NET any -> [190.161.180.184] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.161.180.184/; sid:900623212; rev:1;) alert tcp $HOME_NET any -> [37.187.6.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.6.63/; sid:901597696; rev:1;) alert tcp $HOME_NET any -> [190.210.236.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.236.139/; sid:900623213; rev:1;) alert tcp $HOME_NET any -> [177.242.21.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.21.126/; sid:900623211; rev:1;) alert tcp $HOME_NET any -> [190.189.224.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.224.117/; sid:900623206; rev:1;) alert tcp $HOME_NET any -> [76.164.99.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.164.99.46/; sid:900623220; rev:1;) alert tcp $HOME_NET any -> [209.141.54.221] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.54.221/; sid:901597675; rev:1;) alert tcp $HOME_NET any -> [59.148.227.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.148.227.190/; sid:901597668; rev:1;) alert tcp $HOME_NET any -> [177.180.115.224] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.180.115.224/; sid:900623210; rev:1;) alert tcp $HOME_NET any -> [82.165.15.188] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.165.15.188/; sid:901593588; rev:1;) alert tcp $HOME_NET any -> [189.61.200.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.61.200.9/; sid:901593576; rev:1;) alert tcp $HOME_NET any -> [160.16.215.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.16.215.66/; sid:901593458; rev:1;) alert tcp $HOME_NET any -> [121.88.5.176] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.88.5.176/; sid:901593451; rev:1;) alert tcp $HOME_NET any -> [197.94.32.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.94.32.129/; sid:900623202; rev:1;) alert tcp $HOME_NET any -> [219.78.255.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.78.255.48/; sid:901593449; rev:1;) alert tcp $HOME_NET any -> [138.122.5.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.122.5.214/; sid:900623196; rev:1;) alert tcp $HOME_NET any -> [159.69.89.130] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.89.130/; sid:900623200; rev:1;) alert tcp $HOME_NET any -> [71.83.82.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.83.82.123/; sid:901593436; rev:1;) alert tcp $HOME_NET any -> [47.149.28.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.149.28.234/; sid:901593435; rev:1;) alert tcp $HOME_NET any -> [83.165.78.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.165.78.227/; sid:900623195; rev:1;) alert tcp $HOME_NET any -> [219.75.66.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.75.66.103/; sid:900623194; rev:1;) alert tcp $HOME_NET any -> [212.237.50.61] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.237.50.61/; sid:900623205; rev:1;) alert tcp $HOME_NET any -> [2.45.112.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.45.112.134/; sid:900623193; rev:1;) alert tcp $HOME_NET any -> [144.217.117.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.117.207/; sid:900623197; rev:1;) alert tcp $HOME_NET any -> [68.187.160.28] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.187.160.28/; sid:900623239; rev:1;) alert tcp $HOME_NET any -> [24.181.125.62] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.181.125.62/; sid:900623207; rev:1;) alert tcp $HOME_NET any -> [98.156.206.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.156.206.153/; sid:900623208; rev:1;) alert tcp $HOME_NET any -> [78.189.165.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.165.52/; sid:900623217; rev:1;) alert tcp $HOME_NET any -> [85.100.122.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.100.122.211/; sid:900623218; rev:1;) alert tcp $HOME_NET any -> [175.114.178.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.114.178.83/; sid:900623198; rev:1;) alert tcp $HOME_NET any -> [165.228.195.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.228.195.93/; sid:900623223; rev:1;) alert tcp $HOME_NET any -> [200.114.167.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.167.85/; sid:900623201; rev:1;) alert tcp $HOME_NET any -> [45.79.75.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.75.232/; sid:900623203; rev:1;) alert tcp $HOME_NET any -> [108.61.99.179] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.61.99.179/; sid:900623199; rev:1;) alert tcp $HOME_NET any -> [24.105.202.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.105.202.216/; sid:900623322; rev:1;) alert tcp $HOME_NET any -> [24.94.237.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.94.237.248/; sid:900623280; rev:1;) alert tcp $HOME_NET any -> [179.5.118.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.5.118.12/; sid:900623316; rev:1;) alert tcp $HOME_NET any -> [98.178.241.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.178.241.106/; sid:900623288; rev:1;) alert tcp $HOME_NET any -> [190.171.153.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.153.139/; sid:900623263; rev:1;) alert tcp $HOME_NET any -> [191.183.21.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.183.21.190/; sid:900623192; rev:1;) alert tcp $HOME_NET any -> [190.93.210.113] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.93.210.113/; sid:900623204; rev:1;) alert tcp $HOME_NET any -> [195.123.221.35] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.35/; sid:900623190; rev:1;) alert tcp $HOME_NET any -> [95.9.217.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.9.217.200/; sid:900623455; rev:1;) alert tcp $HOME_NET any -> [5.34.176.93] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.93/; sid:900623187; rev:1;) alert tcp $HOME_NET any -> [183.99.239.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.99.239.141/; sid:900623181; rev:1;) alert tcp $HOME_NET any -> [82.36.103.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.36.103.14/; sid:901575548; rev:1;) alert tcp $HOME_NET any -> [81.157.234.90] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.157.234.90/; sid:900623185; rev:1;) alert tcp $HOME_NET any -> [37.211.49.127] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.49.127/; sid:900623184; rev:1;) alert tcp $HOME_NET any -> [188.135.15.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.135.15.49/; sid:900623182; rev:1;) alert tcp $HOME_NET any -> [66.25.34.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.25.34.20/; sid:900623179; rev:1;) alert tcp $HOME_NET any -> [184.167.148.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.167.148.162/; sid:900623178; rev:1;) alert tcp $HOME_NET any -> [177.144.130.105] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.144.130.105/; sid:900623172; rev:1;) alert tcp $HOME_NET any -> [217.181.139.237] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.181.139.237/; sid:900623175; rev:1;) alert tcp $HOME_NET any -> [185.192.75.240] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.192.75.240/; sid:901575437; rev:1;) alert tcp $HOME_NET any -> [217.12.70.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.70.226/; sid:900623174; rev:1;) alert tcp $HOME_NET any -> [190.47.236.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.47.236.83/; sid:900623173; rev:1;) alert tcp $HOME_NET any -> [63.248.198.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.248.198.8/; sid:900623186; rev:1;) alert tcp $HOME_NET any -> [189.19.81.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.19.81.181/; sid:900623183; rev:1;) alert tcp $HOME_NET any -> [66.229.161.86] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.229.161.86/; sid:900623176; rev:1;) alert tcp $HOME_NET any -> [1.215.28.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.215.28.101/; sid:900623177; rev:1;) alert tcp $HOME_NET any -> [85.143.223.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.24/; sid:900623171; rev:1;) alert tcp $HOME_NET any -> [5.182.210.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.45/; sid:900623163; rev:1;) alert tcp $HOME_NET any -> [185.99.2.74] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.74/; sid:900623164; rev:1;) alert tcp $HOME_NET any -> [37.70.131.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.70.131.107/; sid:900623169; rev:1;) alert tcp $HOME_NET any -> [95.255.140.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.255.140.89/; sid:901569435; rev:1;) alert tcp $HOME_NET any -> [59.158.164.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.158.164.66/; sid:900623167; rev:1;) alert tcp $HOME_NET any -> [94.203.236.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.203.236.122/; sid:901569431; rev:1;) alert tcp $HOME_NET any -> [220.78.29.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.78.29.88/; sid:901569428; rev:1;) alert tcp $HOME_NET any -> [72.51.153.27] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.51.153.27/; sid:901569424; rev:1;) alert tcp $HOME_NET any -> [211.42.204.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.42.204.154/; sid:900623160; rev:1;) alert tcp $HOME_NET any -> [156.155.163.232] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.155.163.232/; sid:900623168; rev:1;) alert tcp $HOME_NET any -> [2.44.167.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.44.167.52/; sid:901568872; rev:1;) alert tcp $HOME_NET any -> [94.200.114.162] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.200.114.162/; sid:900623159; rev:1;) alert tcp $HOME_NET any -> [80.103.207.62] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.103.207.62/; sid:900623157; rev:1;) alert tcp $HOME_NET any -> [24.100.130.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.100.130.206/; sid:901568869; rev:1;) alert tcp $HOME_NET any -> [91.117.83.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.83.59/; sid:900623158; rev:1;) alert tcp $HOME_NET any -> [97.81.12.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.81.12.153/; sid:901568864; rev:1;) alert tcp $HOME_NET any -> [45.8.136.201] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.136.201/; sid:900623155; rev:1;) alert tcp $HOME_NET any -> [190.6.193.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.6.193.152/; sid:900623154; rev:1;) alert tcp $HOME_NET any -> [190.100.153.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.153.162/; sid:900623153; rev:1;) alert tcp $HOME_NET any -> [146.185.219.28] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.28/; sid:900623162; rev:1;) alert tcp $HOME_NET any -> [2.237.76.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.237.76.249/; sid:900623149; rev:1;) alert tcp $HOME_NET any -> [68.118.26.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.118.26.116/; sid:900623151; rev:1;) alert tcp $HOME_NET any -> [211.44.35.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.44.35.111/; sid:900623150; rev:1;) alert tcp $HOME_NET any -> [174.81.132.128] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.81.132.128/; sid:900623148; rev:1;) alert tcp $HOME_NET any -> [173.247.19.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.247.19.238/; sid:900623147; rev:1;) alert tcp $HOME_NET any -> [74.79.103.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.79.103.55/; sid:900623156; rev:1;) alert tcp $HOME_NET any -> [61.197.110.214] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.197.110.214/; sid:900623180; rev:1;) alert tcp $HOME_NET any -> [69.14.208.221] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.14.208.221/; sid:900623161; rev:1;) alert tcp $HOME_NET any -> [37.120.185.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.120.185.153/; sid:901566287; rev:1;) alert tcp $HOME_NET any -> [2.139.158.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.139.158.136/; sid:900623143; rev:1;) alert tcp $HOME_NET any -> [93.148.252.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.148.252.90/; sid:900623144; rev:1;) alert tcp $HOME_NET any -> [99.252.27.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.252.27.6/; sid:900623145; rev:1;) alert tcp $HOME_NET any -> [152.170.108.99] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.108.99/; sid:901566263; rev:1;) alert tcp $HOME_NET any -> [130.204.247.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.204.247.253/; sid:900623188; rev:1;) alert tcp $HOME_NET any -> [185.244.167.25] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.167.25/; sid:901565174; rev:1;) alert tcp $HOME_NET any -> [91.117.131.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.131.122/; sid:900623146; rev:1;) alert tcp $HOME_NET any -> [58.185.224.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.185.224.18/; sid:900623141; rev:1;) alert tcp $HOME_NET any -> [51.77.113.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.113.97/; sid:901565157; rev:1;) alert tcp $HOME_NET any -> [105.225.77.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.77.21/; sid:901565145; rev:1;) alert tcp $HOME_NET any -> [190.38.252.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.38.252.45/; sid:901565144; rev:1;) alert tcp $HOME_NET any -> [81.0.63.86] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.0.63.86/; sid:901564243; rev:1;) alert tcp $HOME_NET any -> [2.235.190.23] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.235.190.23/; sid:900623142; rev:1;) alert tcp $HOME_NET any -> [24.93.212.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.93.212.32/; sid:901564231; rev:1;) alert tcp $HOME_NET any -> [70.46.247.81] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.46.247.81/; sid:900623138; rev:1;) alert tcp $HOME_NET any -> [82.155.161.203] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.155.161.203/; sid:900623139; rev:1;) alert tcp $HOME_NET any -> [104.137.176.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.137.176.186/; sid:900623137; rev:1;) alert tcp $HOME_NET any -> [174.77.190.137] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.77.190.137/; sid:900623135; rev:1;) alert tcp $HOME_NET any -> [37.46.132.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.46.132.101/; sid:900623140; rev:1;) alert tcp $HOME_NET any -> [66.209.97.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.209.97.122/; sid:900623136; rev:1;) alert tcp $HOME_NET any -> [85.152.174.56] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.152.174.56/; sid:900623461; rev:1;) alert tcp $HOME_NET any -> [181.167.35.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.35.84/; sid:900623152; rev:1;) alert tcp $HOME_NET any -> [212.109.195.15] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.195.15/; sid:900623134; rev:1;) alert tcp $HOME_NET any -> [93.189.42.185] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.185/; sid:900623131; rev:1;) alert tcp $HOME_NET any -> [185.180.198.143] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.143/; sid:900623133; rev:1;) alert tcp $HOME_NET any -> [195.123.241.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.241.207/; sid:900623130; rev:1;) alert tcp $HOME_NET any -> [195.123.245.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.122/; sid:900623129; rev:1;) alert tcp $HOME_NET any -> [118.36.70.245] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.36.70.245/; sid:900623125; rev:1;) alert tcp $HOME_NET any -> [223.255.148.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.255.148.134/; sid:900623122; rev:1;) alert tcp $HOME_NET any -> [192.241.146.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.146.84/; sid:901545388; rev:1;) alert tcp $HOME_NET any -> [80.11.158.65] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.11.158.65/; sid:900623123; rev:1;) alert tcp $HOME_NET any -> [111.125.71.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.125.71.22/; sid:901545380; rev:1;) alert tcp $HOME_NET any -> [87.9.181.247] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.9.181.247/; sid:900623119; rev:1;) alert tcp $HOME_NET any -> [186.84.173.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.84.173.136/; sid:900623118; rev:1;) alert tcp $HOME_NET any -> [82.146.55.23] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.55.23/; sid:901545236; rev:1;) alert tcp $HOME_NET any -> [100.38.11.243] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.38.11.243/; sid:900623116; rev:1;) alert tcp $HOME_NET any -> [64.147.15.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.147.15.138/; sid:900623113; rev:1;) alert tcp $HOME_NET any -> [103.86.49.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.86.49.11/; sid:901544832; rev:1;) alert tcp $HOME_NET any -> [200.7.243.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.7.243.108/; sid:900623111; rev:1;) alert tcp $HOME_NET any -> [218.44.21.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.44.21.114/; sid:900623112; rev:1;) alert tcp $HOME_NET any -> [179.13.185.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.13.185.19/; sid:901544807; rev:1;) alert tcp $HOME_NET any -> [73.214.99.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.214.99.25/; sid:900623110; rev:1;) alert tcp $HOME_NET any -> [113.61.76.239] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.61.76.239/; sid:900623121; rev:1;) alert tcp $HOME_NET any -> [108.184.9.44] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.184.9.44/; sid:900623114; rev:1;) alert tcp $HOME_NET any -> [181.46.176.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.46.176.38/; sid:900623117; rev:1;) alert tcp $HOME_NET any -> [164.68.115.146] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.115.146/; sid:900623115; rev:1;) alert tcp $HOME_NET any -> [88.247.26.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.247.26.78/; sid:900623128; rev:1;) alert tcp $HOME_NET any -> [185.14.30.135] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.135/; sid:900623124; rev:1;) alert tcp $HOME_NET any -> [45.9.250.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.9.250.244/; sid:900623108; rev:1;) alert tcp $HOME_NET any -> [185.186.77.243] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.243/; sid:900623106; rev:1;) alert tcp $HOME_NET any -> [193.37.212.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.139/; sid:900623107; rev:1;) alert tcp $HOME_NET any -> [198.46.161.216] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.161.216/; sid:900623103; rev:1;) alert tcp $HOME_NET any -> [31.131.182.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.131.182.30/; sid:901540953; rev:1;) alert tcp $HOME_NET any -> [138.59.177.106] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.59.177.106/; sid:900623100; rev:1;) alert tcp $HOME_NET any -> [45.50.177.164] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.50.177.164/; sid:900623098; rev:1;) alert tcp $HOME_NET any -> [149.135.123.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.135.123.65/; sid:901540822; rev:1;) alert tcp $HOME_NET any -> [175.103.239.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.103.239.50/; sid:900623097; rev:1;) alert tcp $HOME_NET any -> [89.215.225.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.215.225.15/; sid:900623120; rev:1;) alert tcp $HOME_NET any -> [42.51.192.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.51.192.231/; sid:901540787; rev:1;) alert tcp $HOME_NET any -> [178.134.1.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.134.1.238/; sid:900623095; rev:1;) alert tcp $HOME_NET any -> [47.6.15.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.6.15.79/; sid:900623102; rev:1;) alert tcp $HOME_NET any -> [168.235.82.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.82.183/; sid:900623315; rev:1;) alert tcp $HOME_NET any -> [186.67.208.78] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.67.208.78/; sid:900623132; rev:1;) alert tcp $HOME_NET any -> [192.227.232.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.50/; sid:900623105; rev:1;) alert tcp $HOME_NET any -> [120.51.83.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.51.83.89/; sid:900623094; rev:1;) alert tcp $HOME_NET any -> [173.91.11.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.91.11.142/; sid:900623101; rev:1;) alert tcp $HOME_NET any -> [96.234.38.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.234.38.186/; sid:900623096; rev:1;) alert tcp $HOME_NET any -> [73.60.8.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.60.8.210/; sid:900623099; rev:1;) alert tcp $HOME_NET any -> [192.227.232.116] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.116/; sid:900623086; rev:1;) alert tcp $HOME_NET any -> [86.70.224.211] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.70.224.211/; sid:900623082; rev:1;) alert tcp $HOME_NET any -> [67.254.196.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.254.196.78/; sid:900623080; rev:1;) alert tcp $HOME_NET any -> [139.59.12.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.12.63/; sid:901533369; rev:1;) alert tcp $HOME_NET any -> [119.57.36.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.57.36.54/; sid:900623078; rev:1;) alert tcp $HOME_NET any -> [37.46.129.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.46.129.215/; sid:901533364; rev:1;) alert tcp $HOME_NET any -> [190.161.67.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.161.67.63/; sid:901533362; rev:1;) alert tcp $HOME_NET any -> [175.127.140.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.127.140.68/; sid:900623077; rev:1;) alert tcp $HOME_NET any -> [86.98.157.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.157.3/; sid:900623083; rev:1;) alert tcp $HOME_NET any -> [78.187.204.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.187.204.70/; sid:900623081; rev:1;) alert tcp $HOME_NET any -> [85.72.180.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.72.180.68/; sid:901533344; rev:1;) alert tcp $HOME_NET any -> [64.53.242.181] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.53.242.181/; sid:900623075; rev:1;) alert tcp $HOME_NET any -> [184.184.202.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.184.202.167/; sid:901533314; rev:1;) alert tcp $HOME_NET any -> [144.2.165.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.2.165.179/; sid:901533313; rev:1;) alert tcp $HOME_NET any -> [139.162.118.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.118.88/; sid:901533298; rev:1;) alert tcp $HOME_NET any -> [79.7.114.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.7.114.1/; sid:900623089; rev:1;) alert tcp $HOME_NET any -> [71.76.45.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.76.45.83/; sid:901533287; rev:1;) alert tcp $HOME_NET any -> [114.8.133.71] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.8.133.71/; sid:900623085; rev:1;) alert tcp $HOME_NET any -> [103.209.178.208] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.209.178.208/; sid:900623071; rev:1;) alert tcp $HOME_NET any -> [85.235.219.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.235.219.74/; sid:900623084; rev:1;) alert tcp $HOME_NET any -> [98.24.231.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.24.231.64/; sid:901532742; rev:1;) alert tcp $HOME_NET any -> [174.57.150.13] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.57.150.13/; sid:900623088; rev:1;) alert tcp $HOME_NET any -> [78.186.102.195] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.186.102.195/; sid:900623091; rev:1;) alert tcp $HOME_NET any -> [91.117.31.181] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.117.31.181/; sid:900623068; rev:1;) alert tcp $HOME_NET any -> [165.100.148.200] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.100.148.200/; sid:901532711; rev:1;) alert tcp $HOME_NET any -> [153.190.41.185] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.190.41.185/; sid:901532710; rev:1;) alert tcp $HOME_NET any -> [171.100.142.238] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.100.142.238/; sid:900623166; rev:1;) alert tcp $HOME_NET any -> [96.38.234.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.38.234.10/; sid:900623073; rev:1;) alert tcp $HOME_NET any -> [75.80.148.244] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.80.148.244/; sid:900623076; rev:1;) alert tcp $HOME_NET any -> [91.74.175.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.74.175.46/; sid:900623072; rev:1;) alert tcp $HOME_NET any -> [110.143.84.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.84.202/; sid:900623074; rev:1;) alert tcp $HOME_NET any -> [190.146.14.143] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.14.143/; sid:900623079; rev:1;) alert tcp $HOME_NET any -> [74.59.187.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.59.187.94/; sid:900623191; rev:1;) alert tcp $HOME_NET any -> [23.94.70.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.70.12/; sid:900623060; rev:1;) alert tcp $HOME_NET any -> [185.14.30.176] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.176/; sid:900623058; rev:1;) alert tcp $HOME_NET any -> [201.173.217.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.173.217.124/; sid:900623056; rev:1;) alert tcp $HOME_NET any -> [1.33.230.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.33.230.137/; sid:900623053; rev:1;) alert tcp $HOME_NET any -> [74.105.102.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.105.102.97/; sid:900623057; rev:1;) alert tcp $HOME_NET any -> [73.11.153.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.11.153.178/; sid:901528373; rev:1;) alert tcp $HOME_NET any -> [194.5.250.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.58/; sid:900623055; rev:1;) alert tcp $HOME_NET any -> [198.46.161.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.161.213/; sid:900623054; rev:1;) alert tcp $HOME_NET any -> [200.41.121.69] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.41.121.69/; sid:900623067; rev:1;) alert tcp $HOME_NET any -> [68.174.15.223] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.174.15.223/; sid:900623064; rev:1;) alert tcp $HOME_NET any -> [2.42.173.240] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.42.173.240/; sid:900623063; rev:1;) alert tcp $HOME_NET any -> [47.156.70.145] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.156.70.145/; sid:900623070; rev:1;) alert tcp $HOME_NET any -> [85.152.208.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.152.208.146/; sid:900623065; rev:1;) alert tcp $HOME_NET any -> [5.182.210.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.132/; sid:900623052; rev:1;) alert tcp $HOME_NET any -> [119.252.165.75] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.252.165.75/; sid:900623050; rev:1;) alert tcp $HOME_NET any -> [85.143.218.118] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.118/; sid:900623051; rev:1;) alert tcp $HOME_NET any -> [180.180.216.177] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.180.216.177/; sid:900623231; rev:1;) alert tcp $HOME_NET any -> [172.82.152.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.136/; sid:900623047; rev:1;) alert tcp $HOME_NET any -> [185.117.119.169] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.169/; sid:900623048; rev:1;) alert tcp $HOME_NET any -> [184.164.137.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.164.137.190/; sid:900623049; rev:1;) alert tcp $HOME_NET any -> [5.2.75.137] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.75.137/; sid:900623046; rev:1;) alert tcp $HOME_NET any -> [121.100.19.18] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.100.19.18/; sid:900623044; rev:1;) alert tcp $HOME_NET any -> [110.142.38.16] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.38.16/; sid:900623039; rev:1;) alert tcp $HOME_NET any -> [66.34.201.20] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.34.201.20/; sid:900623043; rev:1;) alert tcp $HOME_NET any -> [37.59.24.177] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.24.177/; sid:900623041; rev:1;) alert tcp $HOME_NET any -> [100.14.117.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.14.117.137/; sid:900623038; rev:1;) alert tcp $HOME_NET any -> [66.76.63.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.76.63.99/; sid:900623042; rev:1;) alert tcp $HOME_NET any -> [5.88.27.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.88.27.67/; sid:900623036; rev:1;) alert tcp $HOME_NET any -> [87.106.46.107] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.46.107/; sid:901522342; rev:1;) alert tcp $HOME_NET any -> [104.33.129.244] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.33.129.244/; sid:901522328; rev:1;) alert tcp $HOME_NET any -> [195.191.107.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.191.107.67/; sid:901522308; rev:1;) alert tcp $HOME_NET any -> [115.179.91.58] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.179.91.58/; sid:900623031; rev:1;) alert tcp $HOME_NET any -> [46.105.128.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.128.215/; sid:900623034; rev:1;) alert tcp $HOME_NET any -> [103.9.145.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.9.145.19/; sid:900623032; rev:1;) alert tcp $HOME_NET any -> [67.171.182.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.171.182.231/; sid:900623035; rev:1;) alert tcp $HOME_NET any -> [12.176.19.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.176.19.218/; sid:900623040; rev:1;) alert tcp $HOME_NET any -> [190.171.135.235] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.135.235/; sid:900623087; rev:1;) alert tcp $HOME_NET any -> [192.227.232.21] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.21/; sid:900623030; rev:1;) alert tcp $HOME_NET any -> [64.44.51.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.106/; sid:900623029; rev:1;) alert tcp $HOME_NET any -> [24.27.122.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.27.122.202/; sid:900623033; rev:1;) alert tcp $HOME_NET any -> [76.221.133.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.221.133.146/; sid:900623037; rev:1;) alert tcp $HOME_NET any -> [93.67.154.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.67.154.252/; sid:900623025; rev:1;) alert tcp $HOME_NET any -> [202.186.240.165] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.186.240.165/; sid:900623023; rev:1;) alert tcp $HOME_NET any -> [37.183.121.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.183.121.32/; sid:900623024; rev:1;) alert tcp $HOME_NET any -> [96.61.113.203] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.61.113.203/; sid:900623026; rev:1;) alert tcp $HOME_NET any -> [41.77.74.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.77.74.214/; sid:900623021; rev:1;) alert tcp $HOME_NET any -> [86.6.123.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.6.123.109/; sid:900623022; rev:1;) alert tcp $HOME_NET any -> [58.93.151.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.93.151.148/; sid:900623104; rev:1;) alert tcp $HOME_NET any -> [85.109.190.235] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.109.190.235/; sid:900623061; rev:1;) alert tcp $HOME_NET any -> [92.38.171.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.54/; sid:900623019; rev:1;) alert tcp $HOME_NET any -> [107.172.251.159] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.251.159/; sid:900623018; rev:1;) alert tcp $HOME_NET any -> [45.51.40.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.51.40.140/; sid:900623069; rev:1;) alert tcp $HOME_NET any -> [80.21.182.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.21.182.46/; sid:900623062; rev:1;) alert tcp $HOME_NET any -> [107.172.208.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.208.52/; sid:900623016; rev:1;) alert tcp $HOME_NET any -> [83.156.88.159] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.156.88.159/; sid:900623020; rev:1;) alert tcp $HOME_NET any -> [86.98.156.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.156.239/; sid:900623012; rev:1;) alert tcp $HOME_NET any -> [185.159.102.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.159.102.74/; sid:901512247; rev:1;) alert tcp $HOME_NET any -> [116.48.142.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.48.142.21/; sid:900623010; rev:1;) alert tcp $HOME_NET any -> [101.187.134.207] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.134.207/; sid:900623011; rev:1;) alert tcp $HOME_NET any -> [79.31.85.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.31.85.103/; sid:900623017; rev:1;) alert tcp $HOME_NET any -> [82.8.232.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.8.232.51/; sid:900623013; rev:1;) alert tcp $HOME_NET any -> [195.123.221.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.5/; sid:900623008; rev:1;) alert tcp $HOME_NET any -> [107.172.29.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.110/; sid:900623002; rev:1;) alert tcp $HOME_NET any -> [176.106.183.253] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.106.183.253/; sid:900622997; rev:1;) alert tcp $HOME_NET any -> [82.79.244.92] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.79.244.92/; sid:901499254; rev:1;) alert tcp $HOME_NET any -> [210.224.65.117] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.224.65.117/; sid:901499245; rev:1;) alert tcp $HOME_NET any -> [1.32.54.12] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.32.54.12/; sid:900622994; rev:1;) alert tcp $HOME_NET any -> [121.175.14.59] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.175.14.59/; sid:901499232; rev:1;) alert tcp $HOME_NET any -> [188.216.24.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.216.24.204/; sid:900622992; rev:1;) alert tcp $HOME_NET any -> [130.45.45.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.45.45.31/; sid:900622991; rev:1;) alert tcp $HOME_NET any -> [105.227.58.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.58.49/; sid:901499204; rev:1;) alert tcp $HOME_NET any -> [64.44.133.151] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.151/; sid:900622990; rev:1;) alert tcp $HOME_NET any -> [144.217.50.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.246/; sid:900622989; rev:1;) alert tcp $HOME_NET any -> [98.15.140.226] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.15.140.226/; sid:900623014; rev:1;) alert tcp $HOME_NET any -> [193.33.38.208] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.33.38.208/; sid:900622985; rev:1;) alert tcp $HOME_NET any -> [188.230.134.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.230.134.205/; sid:900622986; rev:1;) alert tcp $HOME_NET any -> [58.171.42.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.42.66/; sid:900622996; rev:1;) alert tcp $HOME_NET any -> [164.68.101.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.101.171/; sid:901497219; rev:1;) alert tcp $HOME_NET any -> [92.186.52.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.186.52.193/; sid:901497210; rev:1;) alert tcp $HOME_NET any -> [173.70.81.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.70.81.77/; sid:901497189; rev:1;) alert tcp $HOME_NET any -> [189.134.4.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.4.209/; sid:900622995; rev:1;) alert tcp $HOME_NET any -> [77.245.12.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.245.12.212/; sid:900623000; rev:1;) alert tcp $HOME_NET any -> [139.130.241.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.130.241.252/; sid:900622998; rev:1;) alert tcp $HOME_NET any -> [186.215.101.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.215.101.106/; sid:901497622; rev:1;) alert tcp $HOME_NET any -> [103.122.75.218] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.122.75.218/; sid:900622978; rev:1;) alert tcp $HOME_NET any -> [83.110.107.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.107.243/; sid:900622982; rev:1;) alert tcp $HOME_NET any -> [187.74.69.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.74.69.152/; sid:901494964; rev:1;) alert tcp $HOME_NET any -> [98.196.49.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.196.49.107/; sid:901494699; rev:1;) alert tcp $HOME_NET any -> [186.68.48.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.68.48.204/; sid:900622977; rev:1;) alert tcp $HOME_NET any -> [191.103.76.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.103.76.34/; sid:901494683; rev:1;) alert tcp $HOME_NET any -> [96.126.121.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.126.121.64/; sid:900622976; rev:1;) alert tcp $HOME_NET any -> [200.119.11.118] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.119.11.118/; sid:900623009; rev:1;) alert tcp $HOME_NET any -> [24.28.178.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.28.178.71/; sid:900623015; rev:1;) alert tcp $HOME_NET any -> [85.143.220.41] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.220.41/; sid:900623001; rev:1;) alert tcp $HOME_NET any -> [70.175.171.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.175.171.251/; sid:900622983; rev:1;) alert tcp $HOME_NET any -> [194.5.250.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.50/; sid:900622981; rev:1;) alert tcp $HOME_NET any -> [204.63.252.182] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.63.252.182/; sid:900623027; rev:1;) alert tcp $HOME_NET any -> [146.185.219.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.94/; sid:900622971; rev:1;) alert tcp $HOME_NET any -> [172.82.152.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.130/; sid:900622970; rev:1;) alert tcp $HOME_NET any -> [193.37.213.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.213.110/; sid:900622969; rev:1;) alert tcp $HOME_NET any -> [189.225.211.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.211.171/; sid:900623007; rev:1;) alert tcp $HOME_NET any -> [77.241.53.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.241.53.234/; sid:900622963; rev:1;) alert tcp $HOME_NET any -> [177.103.201.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.201.23/; sid:900622974; rev:1;) alert tcp $HOME_NET any -> [81.82.247.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.82.247.216/; sid:900622962; rev:1;) alert tcp $HOME_NET any -> [192.210.217.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.217.94/; sid:901485469; rev:1;) alert tcp $HOME_NET any -> [210.111.160.220] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.111.160.220/; sid:901485447; rev:1;) alert tcp $HOME_NET any -> [69.30.205.162] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.30.205.162/; sid:900622961; rev:1;) alert tcp $HOME_NET any -> [114.183.140.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.183.140.94/; sid:901485442; rev:1;) alert tcp $HOME_NET any -> [92.17.138.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.17.138.248/; sid:901485441; rev:1;) alert tcp $HOME_NET any -> [178.153.91.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.153.91.22/; sid:901485440; rev:1;) alert tcp $HOME_NET any -> [93.147.141.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.147.141.5/; sid:900622967; rev:1;) alert tcp $HOME_NET any -> [91.73.197.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.73.197.90/; sid:900622972; rev:1;) alert tcp $HOME_NET any -> [213.179.105.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.179.105.214/; sid:900622956; rev:1;) alert tcp $HOME_NET any -> [165.228.24.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.228.24.197/; sid:900622954; rev:1;) alert tcp $HOME_NET any -> [91.231.166.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.231.166.126/; sid:900622958; rev:1;) alert tcp $HOME_NET any -> [108.179.206.219] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.179.206.219/; sid:900622960; rev:1;) alert tcp $HOME_NET any -> [108.191.2.72] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.191.2.72/; sid:900622953; rev:1;) alert tcp $HOME_NET any -> [110.142.161.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.142.161.90/; sid:900622979; rev:1;) alert tcp $HOME_NET any -> [63.246.252.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.246.252.234/; sid:900622965; rev:1;) alert tcp $HOME_NET any -> [107.172.29.108] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.108/; sid:900622951; rev:1;) alert tcp $HOME_NET any -> [194.5.250.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.35/; sid:900622950; rev:1;) alert tcp $HOME_NET any -> [185.62.189.132] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.189.132/; sid:900622952; rev:1;) alert tcp $HOME_NET any -> [188.152.7.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.152.7.140/; sid:900622955; rev:1;) alert tcp $HOME_NET any -> [83.165.163.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.165.163.225/; sid:900622984; rev:1;) alert tcp $HOME_NET any -> [68.129.203.162] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.129.203.162/; sid:900623005; rev:1;) alert tcp $HOME_NET any -> [185.160.212.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.160.212.3/; sid:900622975; rev:1;) alert tcp $HOME_NET any -> [80.29.54.20] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.29.54.20/; sid:900622993; rev:1;) alert tcp $HOME_NET any -> [212.64.171.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.64.171.206/; sid:900623028; rev:1;) alert tcp $HOME_NET any -> [172.105.213.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.213.30/; sid:900622959; rev:1;) alert tcp $HOME_NET any -> [72.29.55.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.29.55.174/; sid:900622966; rev:1;) alert tcp $HOME_NET any -> [73.167.135.180] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.167.135.180/; sid:900622964; rev:1;) alert tcp $HOME_NET any -> [91.187.80.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.187.80.246/; sid:900622957; rev:1;) alert tcp $HOME_NET any -> [185.43.5.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.5.84/; sid:900622949; rev:1;) alert tcp $HOME_NET any -> [5.2.72.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.72.84/; sid:900622947; rev:1;) alert tcp $HOME_NET any -> [194.99.22.48] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.22.48/; sid:900622948; rev:1;) alert tcp $HOME_NET any -> [107.172.208.51] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.208.51/; sid:900622946; rev:1;) alert tcp $HOME_NET any -> [5.34.177.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.177.50/; sid:900622945; rev:1;) alert tcp $HOME_NET any -> [83.99.211.160] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.99.211.160/; sid:900622943; rev:1;) alert tcp $HOME_NET any -> [45.129.121.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.129.121.222/; sid:900622941; rev:1;) alert tcp $HOME_NET any -> [123.142.37.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.142.37.165/; sid:900622939; rev:1;) alert tcp $HOME_NET any -> [37.132.193.19] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.132.193.19/; sid:900622936; rev:1;) alert tcp $HOME_NET any -> [110.143.18.92] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.143.18.92/; sid:901476972; rev:1;) alert tcp $HOME_NET any -> [188.14.39.65] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.14.39.65/; sid:900622935; rev:1;) alert tcp $HOME_NET any -> [47.146.42.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.146.42.234/; sid:900622937; rev:1;) alert tcp $HOME_NET any -> [66.55.71.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.152/; sid:900622933; rev:1;) alert tcp $HOME_NET any -> [118.201.230.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.201.230.249/; sid:901475882; rev:1;) alert tcp $HOME_NET any -> [190.5.162.204] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.5.162.204/; sid:900622940; rev:1;) alert tcp $HOME_NET any -> [173.13.135.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.13.135.102/; sid:900622930; rev:1;) alert tcp $HOME_NET any -> [91.242.138.5] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.242.138.5/; sid:900622932; rev:1;) alert tcp $HOME_NET any -> [212.186.191.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.186.191.177/; sid:900622931; rev:1;) alert tcp $HOME_NET any -> [72.69.99.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.69.99.47/; sid:900622942; rev:1;) alert tcp $HOME_NET any -> [95.179.195.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.179.195.74/; sid:900622938; rev:1;) alert tcp $HOME_NET any -> [194.5.250.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.125/; sid:900622929; rev:1;) alert tcp $HOME_NET any -> [107.172.29.105] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.29.105/; sid:900622928; rev:1;) alert tcp $HOME_NET any -> [185.174.172.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.174.172.203/; sid:900622927; rev:1;) alert tcp $HOME_NET any -> [172.82.152.115] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.115/; sid:900622926; rev:1;) alert tcp $HOME_NET any -> [45.80.148.168] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.148.168/; sid:900622925; rev:1;) alert tcp $HOME_NET any -> [212.73.150.4] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.4/; sid:900622923; rev:1;) alert tcp $HOME_NET any -> [190.100.16.210] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.100.16.210/; sid:900623235; rev:1;) alert tcp $HOME_NET any -> [107.2.2.28] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.2.2.28/; sid:900622915; rev:1;) alert tcp $HOME_NET any -> [189.236.4.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.4.214/; sid:901461135; rev:1;) alert tcp $HOME_NET any -> [144.139.56.105] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.56.105/; sid:900622968; rev:1;) alert tcp $HOME_NET any -> [116.48.138.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.48.138.115/; sid:900622924; rev:1;) alert tcp $HOME_NET any -> [118.200.218.193] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.200.218.193/; sid:900622913; rev:1;) alert tcp $HOME_NET any -> [60.53.3.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.53.3.153/; sid:900622980; rev:1;) alert tcp $HOME_NET any -> [122.11.164.183] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.11.164.183/; sid:900622944; rev:1;) alert tcp $HOME_NET any -> [187.233.220.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.220.93/; sid:900623006; rev:1;) alert tcp $HOME_NET any -> [190.101.87.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.101.87.170/; sid:900622987; rev:1;) alert tcp $HOME_NET any -> [172.90.70.168] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.90.70.168/; sid:900622920; rev:1;) alert tcp $HOME_NET any -> [189.180.105.125] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.180.105.125/; sid:900622921; rev:1;) alert tcp $HOME_NET any -> [188.165.62.47] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.47/; sid:900622911; rev:1;) alert tcp $HOME_NET any -> [146.185.253.175] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.175/; sid:900622910; rev:1;) alert tcp $HOME_NET any -> [200.71.193.220] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.71.193.220/; sid:900622914; rev:1;) alert tcp $HOME_NET any -> [47.50.251.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.50.251.130/; sid:900622917; rev:1;) alert tcp $HOME_NET any -> [94.156.35.206] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.206/; sid:900622908; rev:1;) alert tcp $HOME_NET any -> [197.90.159.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.90.159.42/; sid:900622918; rev:1;) alert tcp $HOME_NET any -> [109.166.89.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.166.89.91/; sid:900622912; rev:1;) alert tcp $HOME_NET any -> [211.218.105.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.218.105.101/; sid:900622919; rev:1;) alert tcp $HOME_NET any -> [190.12.119.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.12.119.180/; sid:900622916; rev:1;) alert tcp $HOME_NET any -> [162.244.32.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.52/; sid:900622907; rev:1;) alert tcp $HOME_NET any -> [162.247.155.113] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.113/; sid:900622906; rev:1;) alert tcp $HOME_NET any -> [167.86.123.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.86.123.83/; sid:900622905; rev:1;) alert tcp $HOME_NET any -> [51.89.73.144] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.73.144/; sid:900622903; rev:1;) alert tcp $HOME_NET any -> [103.75.117.188] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.117.188/; sid:900622902; rev:1;) alert tcp $HOME_NET any -> [45.141.100.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.100.190/; sid:900622909; rev:1;) alert tcp $HOME_NET any -> [107.181.187.221] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.187.221/; sid:900622904; rev:1;) alert tcp $HOME_NET any -> [85.217.170.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.170.153/; sid:900622899; rev:1;) alert tcp $HOME_NET any -> [5.2.77.78] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.77.78/; sid:900622900; rev:1;) alert tcp $HOME_NET any -> [5.2.72.102] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.72.102/; sid:900622897; rev:1;) alert tcp $HOME_NET any -> [192.227.173.100] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.173.100/; sid:900622898; rev:1;) alert tcp $HOME_NET any -> [82.118.21.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.57/; sid:900622895; rev:1;) alert tcp $HOME_NET any -> [5.182.210.30] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.30/; sid:900622894; rev:1;) alert tcp $HOME_NET any -> [66.55.71.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.151/; sid:900622896; rev:1;) alert tcp $HOME_NET any -> [85.204.116.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.154/; sid:900622893; rev:1;) alert tcp $HOME_NET any -> [172.245.159.121] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.159.121/; sid:900622890; rev:1;) alert tcp $HOME_NET any -> [194.5.250.121] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.121/; sid:900622891; rev:1;) alert tcp $HOME_NET any -> [192.227.232.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.46/; sid:900622892; rev:1;) alert tcp $HOME_NET any -> [198.15.119.79] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.15.119.79/; sid:900622889; rev:1;) alert tcp $HOME_NET any -> [172.82.152.140] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.140/; sid:900622886; rev:1;) alert tcp $HOME_NET any -> [120.150.246.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.150.246.241/; sid:900622879; rev:1;) alert tcp $HOME_NET any -> [197.254.221.174] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.254.221.174/; sid:900622882; rev:1;) alert tcp $HOME_NET any -> [195.244.215.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.244.215.206/; sid:900622881; rev:1;) alert tcp $HOME_NET any -> [190.186.164.23] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.164.23/; sid:900622885; rev:1;) alert tcp $HOME_NET any -> [47.187.70.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.187.70.124/; sid:900622878; rev:1;) alert tcp $HOME_NET any -> [2.38.99.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.38.99.79/; sid:900622876; rev:1;) alert tcp $HOME_NET any -> [125.230.36.147] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.230.36.147/; sid:900622875; rev:1;) alert tcp $HOME_NET any -> [187.144.236.211] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.236.211/; sid:901449857; rev:1;) alert tcp $HOME_NET any -> [72.27.212.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.27.212.209/; sid:900622872; rev:1;) alert tcp $HOME_NET any -> [85.105.183.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.105.183.228/; sid:900622873; rev:1;) alert tcp $HOME_NET any -> [187.250.92.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.250.92.82/; sid:900622870; rev:1;) alert tcp $HOME_NET any -> [41.218.118.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.218.118.66/; sid:900622871; rev:1;) alert tcp $HOME_NET any -> [95.219.199.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.219.199.225/; sid:900622877; rev:1;) alert tcp $HOME_NET any -> [161.18.233.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.18.233.114/; sid:901449612; rev:1;) alert tcp $HOME_NET any -> [81.213.145.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.145.45/; sid:900622874; rev:1;) alert tcp $HOME_NET any -> [77.211.249.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.211.249.124/; sid:900622884; rev:1;) alert tcp $HOME_NET any -> [187.190.49.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.49.92/; sid:900622887; rev:1;) alert tcp $HOME_NET any -> [12.229.155.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.229.155.122/; sid:900622880; rev:1;) alert tcp $HOME_NET any -> [5.88.182.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.88.182.250/; sid:900622883; rev:1;) alert tcp $HOME_NET any -> [128.65.154.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.65.154.183/; sid:900622922; rev:1;) alert tcp $HOME_NET any -> [101.187.247.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.247.29/; sid:900623045; rev:1;) alert tcp $HOME_NET any -> [201.183.251.100] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.251.100/; sid:900622934; rev:1;) alert tcp $HOME_NET any -> [195.226.144.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.226.144.249/; sid:900622888; rev:1;) alert tcp $HOME_NET any -> [81.177.22.39] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.22.39/; sid:900622864; rev:1;) alert tcp $HOME_NET any -> [186.0.68.43] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.0.68.43/; sid:900622865; rev:1;) alert tcp $HOME_NET any -> [86.142.102.191] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.142.102.191/; sid:901442969; rev:1;) alert tcp $HOME_NET any -> [190.17.42.79] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.17.42.79/; sid:900622862; rev:1;) alert tcp $HOME_NET any -> [54.38.94.197] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.94.197/; sid:900622863; rev:1;) alert tcp $HOME_NET any -> [85.143.221.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.221.75/; sid:900622859; rev:1;) alert tcp $HOME_NET any -> [37.46.135.95] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.46.135.95/; sid:900622858; rev:1;) alert tcp $HOME_NET any -> [45.132.19.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.132.19.197/; sid:900622855; rev:1;) alert tcp $HOME_NET any -> [185.99.2.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.115/; sid:900622860; rev:1;) alert tcp $HOME_NET any -> [146.185.219.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.50/; sid:900622854; rev:1;) alert tcp $HOME_NET any -> [146.185.253.174] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.174/; sid:900622853; rev:1;) alert tcp $HOME_NET any -> [45.56.88.91] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.88.91/; sid:900622866; rev:1;) alert tcp $HOME_NET any -> [59.110.18.236] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.110.18.236/; sid:900622867; rev:1;) alert tcp $HOME_NET any -> [80.211.32.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.211.32.88/; sid:900622869; rev:1;) alert tcp $HOME_NET any -> [50.63.13.135] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.63.13.135/; sid:900622868; rev:1;) alert tcp $HOME_NET any -> [66.85.173.56] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.173.56/; sid:900622852; rev:1;) alert tcp $HOME_NET any -> [185.174.173.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.174.173.143/; sid:900622851; rev:1;) alert tcp $HOME_NET any -> [195.123.221.232] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.232/; sid:900622850; rev:1;) alert tcp $HOME_NET any -> [51.89.73.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.73.148/; sid:900622861; rev:1;) alert tcp $HOME_NET any -> [51.68.220.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.220.244/; sid:900622856; rev:1;) alert tcp $HOME_NET any -> [185.234.72.64] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.234.72.64/; sid:900622857; rev:1;) alert tcp $HOME_NET any -> [24.45.193.161] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.45.193.161/; sid:900622848; rev:1;) alert tcp $HOME_NET any -> [142.127.57.63] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.127.57.63/; sid:900622849; rev:1;) alert tcp $HOME_NET any -> [186.66.224.182] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.66.224.182/; sid:900622846; rev:1;) alert tcp $HOME_NET any -> [5.2.76.197] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.76.197/; sid:900622845; rev:1;) alert tcp $HOME_NET any -> [45.138.157.23] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.157.23/; sid:900622844; rev:1;) alert tcp $HOME_NET any -> [188.225.10.47] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.10.47/; sid:900622843; rev:1;) alert tcp $HOME_NET any -> [81.177.181.222] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.181.222/; sid:900622842; rev:1;) alert tcp $HOME_NET any -> [185.90.61.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.107/; sid:900622841; rev:1;) alert tcp $HOME_NET any -> [46.17.105.97] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.105.97/; sid:900622840; rev:1;) alert tcp $HOME_NET any -> [188.120.251.251] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.120.251.251/; sid:900622839; rev:1;) alert tcp $HOME_NET any -> [203.130.0.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.130.0.69/; sid:900622838; rev:1;) alert tcp $HOME_NET any -> [182.176.116.139] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.116.139/; sid:901430862; rev:1;) alert tcp $HOME_NET any -> [80.93.48.49] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.93.48.49/; sid:900622836; rev:1;) alert tcp $HOME_NET any -> [2.57.184.9] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.57.184.9/; sid:900622834; rev:1;) alert tcp $HOME_NET any -> [31.31.77.83] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.31.77.83/; sid:901430645; rev:1;) alert tcp $HOME_NET any -> [94.192.228.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.192.228.255/; sid:901430635; rev:1;) alert tcp $HOME_NET any -> [167.114.242.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.114.242.226/; sid:901430629; rev:1;) alert tcp $HOME_NET any -> [68.169.37.208] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.169.37.208/; sid:901430620; rev:1;) alert tcp $HOME_NET any -> [192.161.190.171] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.161.190.171/; sid:900622835; rev:1;) alert tcp $HOME_NET any -> [104.236.137.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.137.72/; sid:900622837; rev:1;) alert tcp $HOME_NET any -> [206.189.112.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.112.148/; sid:900622833; rev:1;) alert tcp $HOME_NET any -> [51.254.69.222] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.222/; sid:900622830; rev:1;) alert tcp $HOME_NET any -> [5.34.176.212] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.212/; sid:900622832; rev:1;) alert tcp $HOME_NET any -> [206.81.10.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.81.10.215/; sid:900622847; rev:1;) alert tcp $HOME_NET any -> [148.251.185.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.186/; sid:900622831; rev:1;) alert tcp $HOME_NET any -> [5.182.211.61] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.211.61/; sid:900622829; rev:1;) alert tcp $HOME_NET any -> [81.177.180.252] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.180.252/; sid:900622827; rev:1;) alert tcp $HOME_NET any -> [51.89.115.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.113/; sid:900622826; rev:1;) alert tcp $HOME_NET any -> [146.185.253.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.170/; sid:900622825; rev:1;) alert tcp $HOME_NET any -> [185.203.243.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.243.138/; sid:900622824; rev:1;) alert tcp $HOME_NET any -> [91.92.136.82] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.136.82/; sid:900622823; rev:1;) alert tcp $HOME_NET any -> [5.2.76.193] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.76.193/; sid:900622822; rev:1;) alert tcp $HOME_NET any -> [185.99.2.245] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.245/; sid:900622821; rev:1;) alert tcp $HOME_NET any -> [185.222.202.183] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.183/; sid:900622828; rev:1;) alert tcp $HOME_NET any -> [189.252.3.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.3.161/; sid:900622820; rev:1;) alert tcp $HOME_NET any -> [50.116.86.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.86.205/; sid:900622819; rev:1;) alert tcp $HOME_NET any -> [117.196.233.79] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.196.233.79/; sid:900622817; rev:1;) alert tcp $HOME_NET any -> [212.73.150.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.233/; sid:900622816; rev:1;) alert tcp $HOME_NET any -> [182.48.194.6] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.48.194.6/; sid:900622813; rev:1;) alert tcp $HOME_NET any -> [209.97.168.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.97.168.52/; sid:900622814; rev:1;) alert tcp $HOME_NET any -> [198.58.120.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.58.120.26/; sid:900622815; rev:1;) alert tcp $HOME_NET any -> [192.3.73.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.73.164/; sid:900622809; rev:1;) alert tcp $HOME_NET any -> [103.196.211.212] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.196.211.212/; sid:900622808; rev:1;) alert tcp $HOME_NET any -> [23.94.3.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.3.13/; sid:900622807; rev:1;) alert tcp $HOME_NET any -> [108.170.52.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.52.149/; sid:900622806; rev:1;) alert tcp $HOME_NET any -> [185.99.2.242] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.242/; sid:900622805; rev:1;) alert tcp $HOME_NET any -> [195.123.220.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.193/; sid:900622804; rev:1;) alert tcp $HOME_NET any -> [190.147.215.53] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.215.53/; sid:900622802; rev:1;) alert tcp $HOME_NET any -> [90.77.228.193] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.77.228.193/; sid:900622803; rev:1;) alert tcp $HOME_NET any -> [181.91.215.151] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.91.215.151/; sid:900622810; rev:1;) alert tcp $HOME_NET any -> [190.189.79.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.79.73/; sid:900622800; rev:1;) alert tcp $HOME_NET any -> [149.202.197.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.197.94/; sid:900622801; rev:1;) alert tcp $HOME_NET any -> [164.68.96.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.68.96.155/; sid:900622799; rev:1;) alert tcp $HOME_NET any -> [94.103.82.99] 2050 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.82.99/; sid:900622797; rev:1;) alert tcp $HOME_NET any -> [139.162.75.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.75.91/; sid:900622798; rev:1;) alert tcp $HOME_NET any -> [192.3.104.48] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.104.48/; sid:900622795; rev:1;) alert tcp $HOME_NET any -> [51.89.115.100] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.100/; sid:900622794; rev:1;) alert tcp $HOME_NET any -> [185.99.2.169] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.169/; sid:900622793; rev:1;) alert tcp $HOME_NET any -> [195.123.220.184] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.184/; sid:900622791; rev:1;) alert tcp $HOME_NET any -> [107.172.39.48] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.39.48/; sid:900622792; rev:1;) alert tcp $HOME_NET any -> [93.189.42.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.182/; sid:900622796; rev:1;) alert tcp $HOME_NET any -> [212.73.150.127] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.127/; sid:900622788; rev:1;) alert tcp $HOME_NET any -> [89.32.41.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.104/; sid:900622789; rev:1;) alert tcp $HOME_NET any -> [212.80.218.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.218.237/; sid:900622790; rev:1;) alert tcp $HOME_NET any -> [85.217.171.229] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.171.229/; sid:900622786; rev:1;) alert tcp $HOME_NET any -> [192.3.247.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.106/; sid:900622787; rev:1;) alert tcp $HOME_NET any -> [107.170.24.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.24.125/; sid:900622785; rev:1;) alert tcp $HOME_NET any -> [212.129.14.27] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.14.27/; sid:901389121; rev:1;) alert tcp $HOME_NET any -> [87.118.70.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.118.70.69/; sid:901388748; rev:1;) alert tcp $HOME_NET any -> [217.26.163.82] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.26.163.82/; sid:900622783; rev:1;) alert tcp $HOME_NET any -> [164.132.75.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.75.130/; sid:900622780; rev:1;) alert tcp $HOME_NET any -> [172.104.233.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.233.225/; sid:900622781; rev:1;) alert tcp $HOME_NET any -> [222.239.249.166] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.239.249.166/; sid:900622784; rev:1;) alert tcp $HOME_NET any -> [5.2.74.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.74.153/; sid:900622778; rev:1;) alert tcp $HOME_NET any -> [194.36.191.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.191.37/; sid:900622779; rev:1;) alert tcp $HOME_NET any -> [185.117.119.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.179/; sid:900622782; rev:1;) alert tcp $HOME_NET any -> [198.46.163.40] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.163.40/; sid:900622776; rev:1;) alert tcp $HOME_NET any -> [45.141.100.6] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.100.6/; sid:900622769; rev:1;) alert tcp $HOME_NET any -> [5.34.176.43] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.34.176.43/; sid:900622770; rev:1;) alert tcp $HOME_NET any -> [94.156.35.235] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.235/; sid:900622771; rev:1;) alert tcp $HOME_NET any -> [188.165.62.17] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.17/; sid:900622772; rev:1;) alert tcp $HOME_NET any -> [185.90.61.85] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.85/; sid:900622767; rev:1;) alert tcp $HOME_NET any -> [146.185.219.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.131/; sid:900622774; rev:1;) alert tcp $HOME_NET any -> [37.230.114.53] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.230.114.53/; sid:900622773; rev:1;) alert tcp $HOME_NET any -> [146.185.253.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.131/; sid:900622768; rev:1;) alert tcp $HOME_NET any -> [5.2.74.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.74.126/; sid:900622766; rev:1;) alert tcp $HOME_NET any -> [194.5.250.169] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.169/; sid:900622775; rev:1;) alert tcp $HOME_NET any -> [198.46.161.221] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.161.221/; sid:900622764; rev:1;) alert tcp $HOME_NET any -> [195.123.220.74] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.74/; sid:900622763; rev:1;) alert tcp $HOME_NET any -> [146.185.253.123] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.253.123/; sid:900622762; rev:1;) alert tcp $HOME_NET any -> [23.95.20.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.20.181/; sid:900622761; rev:1;) alert tcp $HOME_NET any -> [185.99.2.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.167/; sid:900622759; rev:1;) alert tcp $HOME_NET any -> [66.55.71.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.141/; sid:900622758; rev:1;) alert tcp $HOME_NET any -> [45.137.151.25] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.137.151.25/; sid:900622756; rev:1;) alert tcp $HOME_NET any -> [92.169.250.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.169.250.229/; sid:900622765; rev:1;) alert tcp $HOME_NET any -> [192.227.232.82] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.82/; sid:900622757; rev:1;) alert tcp $HOME_NET any -> [66.85.173.9] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.173.9/; sid:900622760; rev:1;) alert tcp $HOME_NET any -> [198.58.109.168] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.58.109.168/; sid:900622751; rev:1;) alert tcp $HOME_NET any -> [213.189.36.51] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.189.36.51/; sid:900622752; rev:1;) alert tcp $HOME_NET any -> [70.32.78.99] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.78.99/; sid:900622753; rev:1;) alert tcp $HOME_NET any -> [195.201.56.68] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.56.68/; sid:901368144; rev:1;) alert tcp $HOME_NET any -> [110.93.247.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.93.247.98/; sid:900622755; rev:1;) alert tcp $HOME_NET any -> [187.230.99.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.230.99.192/; sid:900622749; rev:1;) alert tcp $HOME_NET any -> [195.201.56.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.56.70/; sid:900622750; rev:1;) alert tcp $HOME_NET any -> [65.23.154.17] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.23.154.17/; sid:900622754; rev:1;) alert tcp $HOME_NET any -> [188.225.82.114] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.82.114/; sid:900622747; rev:1;) alert tcp $HOME_NET any -> [178.170.189.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.19/; sid:900622746; rev:1;) alert tcp $HOME_NET any -> [181.129.104.139] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.104.139/; sid:900622744; rev:1;) alert tcp $HOME_NET any -> [45.238.37.14] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.238.37.14/; sid:900622742; rev:1;) alert tcp $HOME_NET any -> [181.129.167.82] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.167.82/; sid:900622743; rev:1;) alert tcp $HOME_NET any -> [181.112.157.42] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.157.42/; sid:900622740; rev:1;) alert tcp $HOME_NET any -> [103.255.10.24] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.255.10.24/; sid:900622741; rev:1;) alert tcp $HOME_NET any -> [86.98.64.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.64.189/; sid:900622738; rev:1;) alert tcp $HOME_NET any -> [162.144.46.90] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.46.90/; sid:901359742; rev:1;) alert tcp $HOME_NET any -> [46.17.6.116] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.17.6.116/; sid:901359716; rev:1;) alert tcp $HOME_NET any -> [163.172.97.112] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.97.112/; sid:900622735; rev:1;) alert tcp $HOME_NET any -> [91.205.173.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.173.54/; sid:900622734; rev:1;) alert tcp $HOME_NET any -> [105.226.188.128] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.188.128/; sid:900622733; rev:1;) alert tcp $HOME_NET any -> [107.170.27.84] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.170.27.84/; sid:900622736; rev:1;) alert tcp $HOME_NET any -> [144.76.56.36] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.56.36/; sid:900622737; rev:1;) alert tcp $HOME_NET any -> [134.209.214.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.214.126/; sid:901359486; rev:1;) alert tcp $HOME_NET any -> [191.92.209.110] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.209.110/; sid:900622739; rev:1;) alert tcp $HOME_NET any -> [190.72.235.47] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.235.47/; sid:900622732; rev:1;) alert tcp $HOME_NET any -> [185.222.202.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.25/; sid:900622731; rev:1;) alert tcp $HOME_NET any -> [144.91.80.253] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.80.253/; sid:900622730; rev:1;) alert tcp $HOME_NET any -> [78.46.87.133] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.87.133/; sid:901354446; rev:1;) alert tcp $HOME_NET any -> [172.245.13.50] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.13.50/; sid:901354443; rev:1;) alert tcp $HOME_NET any -> [37.59.24.25] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.24.25/; sid:901354427; rev:1;) alert tcp $HOME_NET any -> [204.225.249.100] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.225.249.100/; sid:901830764; rev:1;) alert tcp $HOME_NET any -> [85.234.143.94] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.234.143.94/; sid:900622727; rev:1;) alert tcp $HOME_NET any -> [60.54.37.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.54.37.25/; sid:901354327; rev:1;) alert tcp $HOME_NET any -> [177.226.25.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.226.25.78/; sid:900622745; rev:1;) alert tcp $HOME_NET any -> [78.47.106.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.47.106.72/; sid:900622729; rev:1;) alert tcp $HOME_NET any -> [190.214.13.2] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.214.13.2/; sid:900622724; rev:1;) alert tcp $HOME_NET any -> [190.146.176.67] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.176.67/; sid:900622723; rev:1;) alert tcp $HOME_NET any -> [103.63.31.38] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.63.31.38/; sid:900622722; rev:1;) alert tcp $HOME_NET any -> [189.226.151.198] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.226.151.198/; sid:900622725; rev:1;) alert tcp $HOME_NET any -> [72.47.202.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.47.202.235/; sid:900622728; rev:1;) alert tcp $HOME_NET any -> [181.129.134.18] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.134.18/; sid:900622718; rev:1;) alert tcp $HOME_NET any -> [5.2.79.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.79.203/; sid:900622715; rev:1;) alert tcp $HOME_NET any -> [181.113.28.146] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.28.146/; sid:900622716; rev:1;) alert tcp $HOME_NET any -> [185.99.2.166] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.166/; sid:900622714; rev:1;) alert tcp $HOME_NET any -> [66.85.173.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.173.57/; sid:900622713; rev:1;) alert tcp $HOME_NET any -> [181.196.207.202] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.196.207.202/; sid:900622717; rev:1;) alert tcp $HOME_NET any -> [173.212.220.251] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.220.251/; sid:900622709; rev:1;) alert tcp $HOME_NET any -> [50.116.78.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.116.78.109/; sid:901347428; rev:1;) alert tcp $HOME_NET any -> [189.154.130.167] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.130.167/; sid:901347421; rev:1;) alert tcp $HOME_NET any -> [104.238.80.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.238.80.237/; sid:900622707; rev:1;) alert tcp $HOME_NET any -> [189.141.224.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.141.224.163/; sid:900622710; rev:1;) alert tcp $HOME_NET any -> [192.241.255.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.255.77/; sid:900622711; rev:1;) alert tcp $HOME_NET any -> [81.2.235.48] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.2.235.48/; sid:900622708; rev:1;) alert tcp $HOME_NET any -> [117.206.149.29] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.206.149.29/; sid:900622704; rev:1;) alert tcp $HOME_NET any -> [117.197.119.219] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.197.119.219/; sid:900622705; rev:1;) alert tcp $HOME_NET any -> [177.105.242.229] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.105.242.229/; sid:900622701; rev:1;) alert tcp $HOME_NET any -> [45.141.102.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.141.102.2/; sid:900622696; rev:1;) alert tcp $HOME_NET any -> [185.57.167.32] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.57.167.32/; sid:900622699; rev:1;) alert tcp $HOME_NET any -> [194.5.250.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.109/; sid:900622695; rev:1;) alert tcp $HOME_NET any -> [212.73.150.144] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.144/; sid:900622697; rev:1;) alert tcp $HOME_NET any -> [185.222.202.242] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.242/; sid:900622694; rev:1;) alert tcp $HOME_NET any -> [185.189.122.68] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.189.122.68/; sid:900622698; rev:1;) alert tcp $HOME_NET any -> [195.123.239.79] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.79/; sid:900622706; rev:1;) alert tcp $HOME_NET any -> [185.11.146.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.11.146.90/; sid:900622690; rev:1;) alert tcp $HOME_NET any -> [194.5.250.162] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.162/; sid:900622688; rev:1;) alert tcp $HOME_NET any -> [103.219.213.102] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.219.213.102/; sid:900622687; rev:1;) alert tcp $HOME_NET any -> [195.123.238.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.214/; sid:900622686; rev:1;) alert tcp $HOME_NET any -> [195.123.220.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.151/; sid:900622685; rev:1;) alert tcp $HOME_NET any -> [95.181.198.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.94/; sid:900622683; rev:1;) alert tcp $HOME_NET any -> [152.169.32.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.32.143/; sid:900622691; rev:1;) alert tcp $HOME_NET any -> [94.67.21.187] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.67.21.187/; sid:901322107; rev:1;) alert tcp $HOME_NET any -> [190.4.50.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.4.50.26/; sid:900622682; rev:1;) alert tcp $HOME_NET any -> [185.177.59.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.177.59.41/; sid:900622676; rev:1;) alert tcp $HOME_NET any -> [190.128.222.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.222.14/; sid:901316853; rev:1;) alert tcp $HOME_NET any -> [186.109.28.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.109.28.142/; sid:901316838; rev:1;) alert tcp $HOME_NET any -> [181.140.173.186] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.140.173.186/; sid:900622702; rev:1;) alert tcp $HOME_NET any -> [5.2.77.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.2.77.5/; sid:900622673; rev:1;) alert tcp $HOME_NET any -> [51.89.115.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.98/; sid:900622671; rev:1;) alert tcp $HOME_NET any -> [66.55.71.129] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.129/; sid:900622672; rev:1;) alert tcp $HOME_NET any -> [181.57.193.14] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.193.14/; sid:900622669; rev:1;) alert tcp $HOME_NET any -> [190.51.63.1] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.63.1/; sid:901314580; rev:1;) alert tcp $HOME_NET any -> [189.252.102.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.102.40/; sid:900622675; rev:1;) alert tcp $HOME_NET any -> [74.208.125.192] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.125.192/; sid:900622670; rev:1;) alert tcp $HOME_NET any -> [189.173.113.67] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.173.113.67/; sid:900622678; rev:1;) alert tcp $HOME_NET any -> [190.142.200.108] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.142.200.108/; sid:900622681; rev:1;) alert tcp $HOME_NET any -> [91.108.150.213] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.108.150.213/; sid:900622689; rev:1;) alert tcp $HOME_NET any -> [170.84.78.224] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.84.78.224/; sid:900622684; rev:1;) alert tcp $HOME_NET any -> [191.100.24.201] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.100.24.201/; sid:900622693; rev:1;) alert tcp $HOME_NET any -> [181.197.108.171] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.108.171/; sid:900622712; rev:1;) alert tcp $HOME_NET any -> [181.113.28.162] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.28.162/; sid:900622668; rev:1;) alert tcp $HOME_NET any -> [189.28.185.50] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.28.185.50/; sid:900622666; rev:1;) alert tcp $HOME_NET any -> [194.5.250.136] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.136/; sid:900622667; rev:1;) alert tcp $HOME_NET any -> [117.255.221.135] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.221.135/; sid:900622700; rev:1;) alert tcp $HOME_NET any -> [184.95.51.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.95.51.5/; sid:900622674; rev:1;) alert tcp $HOME_NET any -> [192.3.247.117] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.117/; sid:900622665; rev:1;) alert tcp $HOME_NET any -> [185.252.144.145] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.145/; sid:900622664; rev:1;) alert tcp $HOME_NET any -> [195.133.145.141] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.145.141/; sid:900622663; rev:1;) alert tcp $HOME_NET any -> [193.34.144.138] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.34.144.138/; sid:900622661; rev:1;) alert tcp $HOME_NET any -> [179.12.170.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.12.170.148/; sid:900622660; rev:1;) alert tcp $HOME_NET any -> [190.79.228.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.228.89/; sid:900622657; rev:1;) alert tcp $HOME_NET any -> [170.130.31.177] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.130.31.177/; sid:900622656; rev:1;) alert tcp $HOME_NET any -> [165.227.156.155] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.227.156.155/; sid:900622659; rev:1;) alert tcp $HOME_NET any -> [104.239.175.211] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.239.175.211/; sid:900622658; rev:1;) alert tcp $HOME_NET any -> [211.110.229.161] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.110.229.161/; sid:900622662; rev:1;) alert tcp $HOME_NET any -> [171.101.153.86] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.101.153.86/; sid:900622651; rev:1;) alert tcp $HOME_NET any -> [67.225.179.64] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.225.179.64/; sid:900622652; rev:1;) alert tcp $HOME_NET any -> [124.150.175.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.150.175.129/; sid:901297781; rev:1;) alert tcp $HOME_NET any -> [188.220.235.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.220.235.237/; sid:900622653; rev:1;) alert tcp $HOME_NET any -> [187.147.152.244] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.152.244/; sid:900622650; rev:1;) alert tcp $HOME_NET any -> [105.228.98.115] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.98.115/; sid:901297664; rev:1;) alert tcp $HOME_NET any -> [189.189.56.216] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.56.216/; sid:900622649; rev:1;) alert tcp $HOME_NET any -> [185.99.2.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.181/; sid:900622643; rev:1;) alert tcp $HOME_NET any -> [85.204.116.74] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.74/; sid:900622644; rev:1;) alert tcp $HOME_NET any -> [139.162.185.116] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.162.185.116/; sid:901294670; rev:1;) alert tcp $HOME_NET any -> [74.208.173.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.173.91/; sid:900622642; rev:1;) alert tcp $HOME_NET any -> [186.18.224.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.18.224.149/; sid:900622647; rev:1;) alert tcp $HOME_NET any -> [193.26.217.24] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.26.217.24/; sid:900622641; rev:1;) alert tcp $HOME_NET any -> [185.117.75.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.112/; sid:900622640; rev:1;) alert tcp $HOME_NET any -> [201.190.133.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.190.133.235/; sid:900622648; rev:1;) alert tcp $HOME_NET any -> [142.93.114.137] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.114.137/; sid:901291109; rev:1;) alert tcp $HOME_NET any -> [190.210.184.138] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.184.138/; sid:900622638; rev:1;) alert tcp $HOME_NET any -> [51.255.165.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.255.165.160/; sid:900622639; rev:1;) alert tcp $HOME_NET any -> [86.150.70.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.150.70.135/; sid:901289945; rev:1;) alert tcp $HOME_NET any -> [217.160.19.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.19.232/; sid:900622636; rev:1;) alert tcp $HOME_NET any -> [111.119.233.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.119.233.65/; sid:900622637; rev:1;) alert tcp $HOME_NET any -> [145.239.188.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.93/; sid:900622632; rev:1;) alert tcp $HOME_NET any -> [45.67.231.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.164/; sid:900622628; rev:1;) alert tcp $HOME_NET any -> [212.80.216.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.52/; sid:900622629; rev:1;) alert tcp $HOME_NET any -> [192.3.247.11] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.11/; sid:900622630; rev:1;) alert tcp $HOME_NET any -> [188.225.82.68] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.82.68/; sid:900622626; rev:1;) alert tcp $HOME_NET any -> [192.95.62.150] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.95.62.150/; sid:900622627; rev:1;) alert tcp $HOME_NET any -> [45.66.10.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.10.22/; sid:900622631; rev:1;) alert tcp $HOME_NET any -> [202.29.215.114] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.29.215.114/; sid:900622634; rev:1;) alert tcp $HOME_NET any -> [212.22.75.95] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.95/; sid:900622625; rev:1;) alert tcp $HOME_NET any -> [194.5.250.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.134/; sid:900622633; rev:1;) alert tcp $HOME_NET any -> [172.82.152.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.82.152.126/; sid:900622624; rev:1;) alert tcp $HOME_NET any -> [185.222.202.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.244/; sid:900622623; rev:1;) alert tcp $HOME_NET any -> [62.109.30.70] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.30.70/; sid:900622622; rev:1;) alert tcp $HOME_NET any -> [23.94.233.210] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.233.210/; sid:900622621; rev:1;) alert tcp $HOME_NET any -> [31.202.132.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.13/; sid:900622620; rev:1;) alert tcp $HOME_NET any -> [85.143.219.157] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.157/; sid:900622618; rev:1;) alert tcp $HOME_NET any -> [185.128.214.204] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.128.214.204/; sid:900622616; rev:1;) alert tcp $HOME_NET any -> [185.14.30.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.30.84/; sid:900622615; rev:1;) alert tcp $HOME_NET any -> [185.99.2.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.99.2.104/; sid:900622619; rev:1;) alert tcp $HOME_NET any -> [45.235.213.126] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.235.213.126/; sid:900622614; rev:1;) alert tcp $HOME_NET any -> [95.216.212.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.216.212.157/; sid:901258273; rev:1;) alert tcp $HOME_NET any -> [142.93.87.198] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.87.198/; sid:901258266; rev:1;) alert tcp $HOME_NET any -> [200.109.58.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.109.58.183/; sid:901258257; rev:1;) alert tcp $HOME_NET any -> [207.154.204.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.154.204.40/; sid:901255629; rev:1;) alert tcp $HOME_NET any -> [163.172.40.218] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.172.40.218/; sid:900622609; rev:1;) alert tcp $HOME_NET any -> [45.56.79.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.79.249/; sid:900622610; rev:1;) alert tcp $HOME_NET any -> [192.241.220.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.220.155/; sid:900622611; rev:1;) alert tcp $HOME_NET any -> [41.75.135.93] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.75.135.93/; sid:900622613; rev:1;) alert tcp $HOME_NET any -> [190.195.148.163] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.195.148.163/; sid:900622612; rev:1;) alert tcp $HOME_NET any -> [186.15.57.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.57.7/; sid:901250630; rev:1;) alert tcp $HOME_NET any -> [201.184.41.228] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.41.228/; sid:901250628; rev:1;) alert tcp $HOME_NET any -> [190.229.205.11] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.229.205.11/; sid:900622608; rev:1;) alert tcp $HOME_NET any -> [183.102.238.69] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.102.238.69/; sid:900622606; rev:1;) alert tcp $HOME_NET any -> [187.155.29.74] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.29.74/; sid:901250544; rev:1;) alert tcp $HOME_NET any -> [189.145.6.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.145.6.189/; sid:900622601; rev:1;) alert tcp $HOME_NET any -> [46.105.131.68] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.131.68/; sid:900622603; rev:1;) alert tcp $HOME_NET any -> [201.210.70.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.70.8/; sid:900622602; rev:1;) alert tcp $HOME_NET any -> [186.159.246.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.246.121/; sid:900622600; rev:1;) alert tcp $HOME_NET any -> [167.99.105.223] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.99.105.223/; sid:900622604; rev:1;) alert tcp $HOME_NET any -> [190.182.161.7] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.182.161.7/; sid:900622607; rev:1;) alert tcp $HOME_NET any -> [192.3.104.46] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.104.46/; sid:900622598; rev:1;) alert tcp $HOME_NET any -> [85.25.138.55] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.138.55/; sid:900622595; rev:1;) alert tcp $HOME_NET any -> [195.123.247.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.247.137/; sid:900622596; rev:1;) alert tcp $HOME_NET any -> [51.89.115.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.125/; sid:900622597; rev:1;) alert tcp $HOME_NET any -> [181.198.203.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.203.45/; sid:900622589; rev:1;) alert tcp $HOME_NET any -> [172.104.70.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.104.70.207/; sid:901240598; rev:1;) alert tcp $HOME_NET any -> [198.57.217.170] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.57.217.170/; sid:901763293; rev:1;) alert tcp $HOME_NET any -> [124.150.175.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.150.175.133/; sid:900622588; rev:1;) alert tcp $HOME_NET any -> [187.131.163.89] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.131.163.89/; sid:901240577; rev:1;) alert tcp $HOME_NET any -> [220.241.38.226] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.241.38.226/; sid:900622593; rev:1;) alert tcp $HOME_NET any -> [85.104.121.33] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.121.33/; sid:900622592; rev:1;) alert tcp $HOME_NET any -> [42.190.4.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.190.4.92/; sid:901239518; rev:1;) alert tcp $HOME_NET any -> [211.229.116.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.229.116.130/; sid:900622594; rev:1;) alert tcp $HOME_NET any -> [212.129.24.79] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.79/; sid:900622591; rev:1;) alert tcp $HOME_NET any -> [128.201.174.107] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.201.174.107/; sid:900622586; rev:1;) alert tcp $HOME_NET any -> [201.210.120.239] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.210.120.239/; sid:900622585; rev:1;) alert tcp $HOME_NET any -> [185.68.93.43] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.68.93.43/; sid:900622583; rev:1;) alert tcp $HOME_NET any -> [201.187.105.123] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.187.105.123/; sid:900622581; rev:1;) alert tcp $HOME_NET any -> [190.111.255.219] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.111.255.219/; sid:900622582; rev:1;) alert tcp $HOME_NET any -> [144.91.79.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.79.9/; sid:900622576; rev:1;) alert tcp $HOME_NET any -> [185.62.188.117] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.188.117/; sid:900622577; rev:1;) alert tcp $HOME_NET any -> [101.108.92.111] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.108.92.111/; sid:900622578; rev:1;) alert tcp $HOME_NET any -> [181.10.207.234] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.10.207.234/; sid:900622580; rev:1;) alert tcp $HOME_NET any -> [190.152.125.22] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.125.22/; sid:900622579; rev:1;) alert tcp $HOME_NET any -> [181.29.164.248] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.164.248/; sid:900622573; rev:1;) alert tcp $HOME_NET any -> [173.249.47.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.47.77/; sid:900622572; rev:1;) alert tcp $HOME_NET any -> [37.187.2.199] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.187.2.199/; sid:900622571; rev:1;) alert tcp $HOME_NET any -> [60.52.64.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.52.64.122/; sid:901216162; rev:1;) alert tcp $HOME_NET any -> [138.186.179.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.186.179.235/; sid:901216157; rev:1;) alert tcp $HOME_NET any -> [189.166.13.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.13.109/; sid:900622568; rev:1;) alert tcp $HOME_NET any -> [201.106.32.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.106.32.171/; sid:900622574; rev:1;) alert tcp $HOME_NET any -> [96.20.84.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.20.84.254/; sid:900622569; rev:1;) alert tcp $HOME_NET any -> [148.72.151.34] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.72.151.34/; sid:900622570; rev:1;) alert tcp $HOME_NET any -> [195.123.238.191] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.191/; sid:900622567; rev:1;) alert tcp $HOME_NET any -> [187.193.89.61] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.193.89.61/; sid:900622563; rev:1;) alert tcp $HOME_NET any -> [91.204.163.19] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.204.163.19/; sid:900622565; rev:1;) alert tcp $HOME_NET any -> [144.139.158.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.139.158.155/; sid:900622562; rev:1;) alert tcp $HOME_NET any -> [187.155.95.26] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.95.26/; sid:901210320; rev:1;) alert tcp $HOME_NET any -> [189.218.243.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.218.243.150/; sid:900622566; rev:1;) alert tcp $HOME_NET any -> [23.253.207.142] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.253.207.142/; sid:901210292; rev:1;) alert tcp $HOME_NET any -> [201.213.32.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.213.32.59/; sid:900622564; rev:1;) alert tcp $HOME_NET any -> [189.159.113.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.113.125/; sid:900622561; rev:1;) alert tcp $HOME_NET any -> [187.143.219.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.143.219.242/; sid:901206236; rev:1;) alert tcp $HOME_NET any -> [162.241.134.130] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.134.130/; sid:901206230; rev:1;) alert tcp $HOME_NET any -> [45.79.95.107] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.95.107/; sid:901206151; rev:1;) alert tcp $HOME_NET any -> [186.23.132.93] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.132.93/; sid:900622559; rev:1;) alert tcp $HOME_NET any -> [189.189.21.214] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.21.214/; sid:901206143; rev:1;) alert tcp $HOME_NET any -> [144.91.79.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.79.12/; sid:900622552; rev:1;) alert tcp $HOME_NET any -> [185.222.202.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.76/; sid:900622550; rev:1;) alert tcp $HOME_NET any -> [85.25.92.96] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.92.96/; sid:900622558; rev:1;) alert tcp $HOME_NET any -> [45.56.122.75] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.56.122.75/; sid:900622557; rev:1;) alert tcp $HOME_NET any -> [45.33.54.74] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.54.74/; sid:900622556; rev:1;) alert tcp $HOME_NET any -> [190.217.1.149] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.217.1.149/; sid:900622554; rev:1;) alert tcp $HOME_NET any -> [190.16.101.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.101.10/; sid:900622812; rev:1;) alert tcp $HOME_NET any -> [23.229.115.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.229.115.217/; sid:900622553; rev:1;) alert tcp $HOME_NET any -> [190.120.104.21] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.120.104.21/; sid:900622575; rev:1;) alert tcp $HOME_NET any -> [201.250.54.115] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.250.54.115/; sid:900622547; rev:1;) alert tcp $HOME_NET any -> [190.146.131.105] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.131.105/; sid:901199392; rev:1;) alert tcp $HOME_NET any -> [189.132.130.111] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.132.130.111/; sid:901199357; rev:1;) alert tcp $HOME_NET any -> [185.45.24.254] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.45.24.254/; sid:900622545; rev:1;) alert tcp $HOME_NET any -> [200.90.86.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.86.170/; sid:900622541; rev:1;) alert tcp $HOME_NET any -> [194.5.250.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.95/; sid:900622542; rev:1;) alert tcp $HOME_NET any -> [172.245.97.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.97.148/; sid:900622543; rev:1;) alert tcp $HOME_NET any -> [200.30.227.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.30.227.135/; sid:900622548; rev:1;) alert tcp $HOME_NET any -> [185.222.202.192] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.192/; sid:900622539; rev:1;) alert tcp $HOME_NET any -> [181.197.2.80] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.2.80/; sid:900622540; rev:1;) alert tcp $HOME_NET any -> [190.113.146.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.113.146.128/; sid:900622528; rev:1;) alert tcp $HOME_NET any -> [203.99.188.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.188.11/; sid:900622532; rev:1;) alert tcp $HOME_NET any -> [190.228.212.165] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.228.212.165/; sid:900622527; rev:1;) alert tcp $HOME_NET any -> [184.82.233.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.82.233.15/; sid:900622530; rev:1;) alert tcp $HOME_NET any -> [190.166.25.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.166.25.99/; sid:900622526; rev:1;) alert tcp $HOME_NET any -> [79.127.57.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.127.57.43/; sid:900622534; rev:1;) alert tcp $HOME_NET any -> [181.16.17.210] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.17.210/; sid:900622525; rev:1;) alert tcp $HOME_NET any -> [186.92.11.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.92.11.143/; sid:900622544; rev:1;) alert tcp $HOME_NET any -> [186.109.91.136] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.109.91.136/; sid:900622536; rev:1;) alert tcp $HOME_NET any -> [200.127.121.99] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.121.99/; sid:900622521; rev:1;) alert tcp $HOME_NET any -> [186.47.122.182] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.122.182/; sid:900622520; rev:1;) alert tcp $HOME_NET any -> [181.112.52.26] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.52.26/; sid:900622519; rev:1;) alert tcp $HOME_NET any -> [89.228.243.148] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.228.243.148/; sid:900622516; rev:1;) alert tcp $HOME_NET any -> [170.82.156.53] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.82.156.53/; sid:900622517; rev:1;) alert tcp $HOME_NET any -> [46.174.235.36] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.174.235.36/; sid:900622518; rev:1;) alert tcp $HOME_NET any -> [85.25.255.207] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.25.255.207/; sid:900622522; rev:1;) alert tcp $HOME_NET any -> [195.123.220.115] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.115/; sid:900622529; rev:1;) alert tcp $HOME_NET any -> [186.84.173.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.84.173.153/; sid:900622551; rev:1;) alert tcp $HOME_NET any -> [89.191.234.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.191.234.91/; sid:900622531; rev:1;) alert tcp $HOME_NET any -> [93.189.42.200] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.200/; sid:900622533; rev:1;) alert tcp $HOME_NET any -> [198.98.51.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.170/; sid:900622535; rev:1;) alert tcp $HOME_NET any -> [201.217.113.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.217.113.58/; sid:901168088; rev:1;) alert tcp $HOME_NET any -> [78.46.103.90] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.46.103.90/; sid:900622512; rev:1;) alert tcp $HOME_NET any -> [94.177.216.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.216.217/; sid:900622507; rev:1;) alert tcp $HOME_NET any -> [69.163.33.84] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.163.33.84/; sid:900622508; rev:1;) alert tcp $HOME_NET any -> [131.0.103.200] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.103.200/; sid:900622511; rev:1;) alert tcp $HOME_NET any -> [120.138.101.250] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.138.101.250/; sid:900622510; rev:1;) alert tcp $HOME_NET any -> [105.227.100.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.100.228/; sid:900622515; rev:1;) alert tcp $HOME_NET any -> [186.71.150.23] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.150.23/; sid:900622513; rev:1;) alert tcp $HOME_NET any -> [31.128.13.45] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.128.13.45/; sid:900622505; rev:1;) alert tcp $HOME_NET any -> [190.97.30.167] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.30.167/; sid:900622546; rev:1;) alert tcp $HOME_NET any -> [192.3.104.40] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.104.40/; sid:900622502; rev:1;) alert tcp $HOME_NET any -> [66.85.156.81] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.156.81/; sid:900622498; rev:1;) alert tcp $HOME_NET any -> [51.89.115.120] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.120/; sid:900622497; rev:1;) alert tcp $HOME_NET any -> [194.36.189.165] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.165/; sid:900622496; rev:1;) alert tcp $HOME_NET any -> [144.91.76.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.91.76.214/; sid:900622495; rev:1;) alert tcp $HOME_NET any -> [194.5.250.98] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.98/; sid:900622494; rev:1;) alert tcp $HOME_NET any -> [91.232.52.187] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.232.52.187/; sid:900622493; rev:1;) alert tcp $HOME_NET any -> [186.146.110.108] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.110.108/; sid:900622492; rev:1;) alert tcp $HOME_NET any -> [187.144.61.73] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.61.73/; sid:901148533; rev:1;) alert tcp $HOME_NET any -> [181.44.166.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.166.242/; sid:900622503; rev:1;) alert tcp $HOME_NET any -> [181.51.251.236] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.51.251.236/; sid:901148491; rev:1;) alert tcp $HOME_NET any -> [181.99.223.250] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.223.250/; sid:900622499; rev:1;) alert tcp $HOME_NET any -> [31.148.99.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.148.99.63/; sid:900622490; rev:1;) alert tcp $HOME_NET any -> [181.61.143.177] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.143.177/; sid:900622811; rev:1;) alert tcp $HOME_NET any -> [75.154.163.1] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.154.163.1/; sid:900622500; rev:1;) alert tcp $HOME_NET any -> [186.90.29.228] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.90.29.228/; sid:900622501; rev:1;) alert tcp $HOME_NET any -> [181.135.153.203] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.135.153.203/; sid:900622491; rev:1;) alert tcp $HOME_NET any -> [37.44.212.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.148/; sid:900622489; rev:1;) alert tcp $HOME_NET any -> [198.144.190.254] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.144.190.254/; sid:900622488; rev:1;) alert tcp $HOME_NET any -> [193.37.212.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.246/; sid:900622487; rev:1;) alert tcp $HOME_NET any -> [94.177.183.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.183.28/; sid:900622509; rev:1;) alert tcp $HOME_NET any -> [131.161.253.190] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.161.253.190/; sid:900622486; rev:1;) alert tcp $HOME_NET any -> [66.55.71.111] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.111/; sid:900622484; rev:1;) alert tcp $HOME_NET any -> [46.21.153.81] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.81/; sid:900622485; rev:1;) alert tcp $HOME_NET any -> [185.164.32.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.125/; sid:900622483; rev:1;) alert tcp $HOME_NET any -> [93.123.73.192] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.123.73.192/; sid:900622480; rev:1;) alert tcp $HOME_NET any -> [179.43.147.72] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.43.147.72/; sid:900622478; rev:1;) alert tcp $HOME_NET any -> [186.176.138.171] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.138.171/; sid:901145460; rev:1;) alert tcp $HOME_NET any -> [186.47.121.58] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.121.58/; sid:900622479; rev:1;) alert tcp $HOME_NET any -> [195.123.221.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.236/; sid:900622504; rev:1;) alert tcp $HOME_NET any -> [178.183.150.169] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.183.150.169/; sid:900622477; rev:1;) alert tcp $HOME_NET any -> [94.103.91.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.91.61/; sid:900622475; rev:1;) alert tcp $HOME_NET any -> [199.241.114.0] 42118 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.241.114.0/; sid:901143542; rev:1;) alert tcp $HOME_NET any -> [26.235.0.0] 61 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/26.235.0.0/; sid:901143541; rev:1;) alert tcp $HOME_NET any -> [86.22.221.170] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.22.221.170/; sid:900622514; rev:1;) alert tcp $HOME_NET any -> [80.255.86.20] 24076 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.255.86.20/; sid:901137341; rev:1;) alert tcp $HOME_NET any -> [139.20.36.116] 65286 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.20.36.116/; sid:901137340; rev:1;) alert tcp $HOME_NET any -> [69.164.201.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.164.201.54/; sid:900622471; rev:1;) alert tcp $HOME_NET any -> [74.208.68.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.68.48/; sid:900622470; rev:1;) alert tcp $HOME_NET any -> [154.120.227.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.227.206/; sid:900622472; rev:1;) alert tcp $HOME_NET any -> [195.123.240.189] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.189/; sid:900622467; rev:1;) alert tcp $HOME_NET any -> [157.7.164.178] 8081 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/157.7.164.178/; sid:900622464; rev:1;) alert tcp $HOME_NET any -> [185.187.198.15] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.187.198.15/; sid:900622465; rev:1;) alert tcp $HOME_NET any -> [191.82.16.60] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.82.16.60/; sid:901127416; rev:1;) alert tcp $HOME_NET any -> [199.255.156.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.255.156.210/; sid:901127246; rev:1;) alert tcp $HOME_NET any -> [104.131.44.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.44.150/; sid:901127227; rev:1;) alert tcp $HOME_NET any -> [162.241.208.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.208.52/; sid:900622463; rev:1;) alert tcp $HOME_NET any -> [139.60.163.32] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.32/; sid:900622461; rev:1;) alert tcp $HOME_NET any -> [189.160.49.234] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.160.49.234/; sid:900622482; rev:1;) alert tcp $HOME_NET any -> [194.5.250.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.94/; sid:900622460; rev:1;) alert tcp $HOME_NET any -> [14.160.93.230] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.160.93.230/; sid:900622474; rev:1;) alert tcp $HOME_NET any -> [167.71.10.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.71.10.37/; sid:900622462; rev:1;) alert tcp $HOME_NET any -> [200.55.168.82] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.55.168.82/; sid:900622466; rev:1;) alert tcp $HOME_NET any -> [203.99.187.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.187.137/; sid:900622473; rev:1;) alert tcp $HOME_NET any -> [46.21.153.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.17/; sid:900622458; rev:1;) alert tcp $HOME_NET any -> [31.202.132.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.155/; sid:900622457; rev:1;) alert tcp $HOME_NET any -> [85.143.218.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.203/; sid:900622456; rev:1;) alert tcp $HOME_NET any -> [212.80.216.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.58/; sid:900622455; rev:1;) alert tcp $HOME_NET any -> [78.24.217.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.217.84/; sid:900622453; rev:1;) alert tcp $HOME_NET any -> [81.177.26.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.26.27/; sid:900622454; rev:1;) alert tcp $HOME_NET any -> [199.195.254.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.195.254.138/; sid:900622452; rev:1;) alert tcp $HOME_NET any -> [68.183.170.114] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.170.114/; sid:901094185; rev:1;) alert tcp $HOME_NET any -> [192.81.213.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.81.213.192/; sid:901094143; rev:1;) alert tcp $HOME_NET any -> [133.167.80.63] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.167.80.63/; sid:900622447; rev:1;) alert tcp $HOME_NET any -> [24.45.195.162] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.45.195.162/; sid:900622449; rev:1;) alert tcp $HOME_NET any -> [188.137.81.201] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.137.81.201/; sid:900622451; rev:1;) alert tcp $HOME_NET any -> [201.184.105.242] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.105.242/; sid:900622448; rev:1;) alert tcp $HOME_NET any -> [82.196.15.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.196.15.205/; sid:901091527; rev:1;) alert tcp $HOME_NET any -> [216.98.148.181] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.181/; sid:900622443; rev:1;) alert tcp $HOME_NET any -> [198.199.114.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.114.69/; sid:900622440; rev:1;) alert tcp $HOME_NET any -> [189.253.27.123] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.253.27.123/; sid:900622439; rev:1;) alert tcp $HOME_NET any -> [203.99.188.203] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.188.203/; sid:901091454; rev:1;) alert tcp $HOME_NET any -> [181.47.235.26] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.47.235.26/; sid:900622438; rev:1;) alert tcp $HOME_NET any -> [216.75.37.196] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.75.37.196/; sid:901091441; rev:1;) alert tcp $HOME_NET any -> [144.76.62.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.76.62.10/; sid:900622437; rev:1;) alert tcp $HOME_NET any -> [213.138.100.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.138.100.98/; sid:900622445; rev:1;) alert tcp $HOME_NET any -> [70.32.94.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.94.58/; sid:900622442; rev:1;) alert tcp $HOME_NET any -> [23.239.29.211] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.29.211/; sid:900622441; rev:1;) alert tcp $HOME_NET any -> [91.83.93.105] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.105/; sid:900622444; rev:1;) alert tcp $HOME_NET any -> [185.244.150.142] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.150.142/; sid:900622434; rev:1;) alert tcp $HOME_NET any -> [81.190.160.139] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.190.160.139/; sid:900622432; rev:1;) alert tcp $HOME_NET any -> [45.80.148.30] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.148.30/; sid:900622431; rev:1;) alert tcp $HOME_NET any -> [45.142.213.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.142.213.58/; sid:900622430; rev:1;) alert tcp $HOME_NET any -> [85.11.116.194] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.11.116.194/; sid:900622429; rev:1;) alert tcp $HOME_NET any -> [185.164.32.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.113/; sid:900622428; rev:1;) alert tcp $HOME_NET any -> [45.66.11.116] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.66.11.116/; sid:900622427; rev:1;) alert tcp $HOME_NET any -> [94.156.144.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.144.3/; sid:900622424; rev:1;) alert tcp $HOME_NET any -> [89.25.238.170] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.25.238.170/; sid:900622423; rev:1;) alert tcp $HOME_NET any -> [46.21.153.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.153.5/; sid:900622421; rev:1;) alert tcp $HOME_NET any -> [185.79.243.37] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.79.243.37/; sid:900622420; rev:1;) alert tcp $HOME_NET any -> [185.251.38.165] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.165/; sid:900622422; rev:1;) alert tcp $HOME_NET any -> [185.222.202.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.223/; sid:900622418; rev:1;) alert tcp $HOME_NET any -> [198.98.51.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.98.51.83/; sid:900622419; rev:1;) alert tcp $HOME_NET any -> [185.14.31.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.109/; sid:900622417; rev:1;) alert tcp $HOME_NET any -> [92.242.40.148] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.242.40.148/; sid:900622426; rev:1;) alert tcp $HOME_NET any -> [194.5.250.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.83/; sid:900622425; rev:1;) alert tcp $HOME_NET any -> [23.94.233.194] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.233.194/; sid:900622416; rev:1;) alert tcp $HOME_NET any -> [31.214.138.207] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.214.138.207/; sid:900622433; rev:1;) alert tcp $HOME_NET any -> [195.123.247.99] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.247.99/; sid:900622436; rev:1;) alert tcp $HOME_NET any -> [195.123.220.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.88/; sid:900622415; rev:1;) alert tcp $HOME_NET any -> [5.185.67.137] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.185.67.137/; sid:900622446; rev:1;) alert tcp $HOME_NET any -> [104.244.76.156] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.244.76.156/; sid:900622412; rev:1;) alert tcp $HOME_NET any -> [192.241.220.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.220.183/; sid:901078100; rev:1;) alert tcp $HOME_NET any -> [173.249.157.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.249.157.58/; sid:900622414; rev:1;) alert tcp $HOME_NET any -> [91.109.5.28] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.109.5.28/; sid:900622411; rev:1;) alert tcp $HOME_NET any -> [107.172.248.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.248.84/; sid:900622410; rev:1;) alert tcp $HOME_NET any -> [185.142.99.61] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.61/; sid:900622409; rev:1;) alert tcp $HOME_NET any -> [5.1.86.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.1.86.195/; sid:901077451; rev:1;) alert tcp $HOME_NET any -> [68.183.190.199] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.183.190.199/; sid:900622408; rev:1;) alert tcp $HOME_NET any -> [38.132.99.147] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.132.99.147/; sid:900622405; rev:1;) alert tcp $HOME_NET any -> [66.55.71.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.106/; sid:900622404; rev:1;) alert tcp $HOME_NET any -> [194.5.250.89] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.89/; sid:900622403; rev:1;) alert tcp $HOME_NET any -> [212.22.75.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.94/; sid:900622402; rev:1;) alert tcp $HOME_NET any -> [198.24.134.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.24.134.7/; sid:900622406; rev:1;) alert tcp $HOME_NET any -> [185.222.202.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.218/; sid:900622537; rev:1;) alert tcp $HOME_NET any -> [185.164.32.135] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.164.32.135/; sid:900622584; rev:1;) alert tcp $HOME_NET any -> [209.141.58.175] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.58.175/; sid:900622399; rev:1;) alert tcp $HOME_NET any -> [93.123.73.40] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.123.73.40/; sid:900622398; rev:1;) alert tcp $HOME_NET any -> [195.123.239.16] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.239.16/; sid:900622397; rev:1;) alert tcp $HOME_NET any -> [194.5.250.87] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.87/; sid:900622395; rev:1;) alert tcp $HOME_NET any -> [23.95.227.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.227.178/; sid:900622394; rev:1;) alert tcp $HOME_NET any -> [152.89.236.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.236.214/; sid:901056274; rev:1;) alert tcp $HOME_NET any -> [94.192.225.46] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.192.225.46/; sid:900622401; rev:1;) alert tcp $HOME_NET any -> [78.189.94.99] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.94.99/; sid:900622393; rev:1;) alert tcp $HOME_NET any -> [27.4.80.183] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.4.80.183/; sid:901055217; rev:1;) alert tcp $HOME_NET any -> [182.188.39.68] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.188.39.68/; sid:901055109; rev:1;) alert tcp $HOME_NET any -> [46.101.212.195] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.212.195/; sid:900622390; rev:1;) alert tcp $HOME_NET any -> [68.169.49.14] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.169.49.14/; sid:900622391; rev:1;) alert tcp $HOME_NET any -> [172.105.11.15] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.105.11.15/; sid:900622392; rev:1;) alert tcp $HOME_NET any -> [103.31.232.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.31.232.93/; sid:900622389; rev:1;) alert tcp $HOME_NET any -> [185.222.202.193] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.193/; sid:900622386; rev:1;) alert tcp $HOME_NET any -> [5.61.35.158] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.61.35.158/; sid:900622384; rev:1;) alert tcp $HOME_NET any -> [69.162.169.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.162.169.173/; sid:900622407; rev:1;) alert tcp $HOME_NET any -> [15.201.133.244] 49300 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.201.133.244/; sid:901051053; rev:1;) alert tcp $HOME_NET any -> [64.139.0.139] 50164 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.139.0.139/; sid:901051049; rev:1;) alert tcp $HOME_NET any -> [144.144.195.91] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.91/; sid:901051046; rev:1;) alert tcp $HOME_NET any -> [41.218.116.192] 33752 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.218.116.192/; sid:901051045; rev:1;) alert tcp $HOME_NET any -> [81.232.36.4] 65515 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.232.36.4/; sid:901051044; rev:1;) alert tcp $HOME_NET any -> [36.76.137.201] 260 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.76.137.201/; sid:901051043; rev:1;) alert tcp $HOME_NET any -> [84.137.194.41] 2084 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.137.194.41/; sid:901051042; rev:1;) alert tcp $HOME_NET any -> [114.208.57.244] 47115 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.208.57.244/; sid:901051040; rev:1;) alert tcp $HOME_NET any -> [32.36.84.139] 6795 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.36.84.139/; sid:901051039; rev:1;) alert tcp $HOME_NET any -> [195.16.196.131] 33619 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.16.196.131/; sid:901051037; rev:1;) alert tcp $HOME_NET any -> [4.36.68.137] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.68.137/; sid:901051035; rev:1;) alert tcp $HOME_NET any -> [139.16.236.131] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.16.236.131/; sid:901051033; rev:1;) alert tcp $HOME_NET any -> [91.8.196.131] 24414 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.8.196.131/; sid:901051032; rev:1;) alert tcp $HOME_NET any -> [76.56.193.146] 1828 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.56.193.146/; sid:901051031; rev:1;) alert tcp $HOME_NET any -> [151.15.166.243] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.15.166.243/; sid:901051030; rev:1;) alert tcp $HOME_NET any -> [237.57.71.32] 56969 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/237.57.71.32/; sid:901051029; rev:1;) alert tcp $HOME_NET any -> [117.255.75.58] 35819 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.75.58/; sid:901051028; rev:1;) alert tcp $HOME_NET any -> [67.66.208.137] 1081 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.66.208.137/; sid:901051027; rev:1;) alert tcp $HOME_NET any -> [211.1.1.80] 60237 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.1.1.80/; sid:901051026; rev:1;) alert tcp $HOME_NET any -> [68.139.4.36] 6180 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.139.4.36/; sid:901050993; rev:1;) alert tcp $HOME_NET any -> [68.137.32.36] 2084 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.137.32.36/; sid:901050992; rev:1;) alert tcp $HOME_NET any -> [76.137.73.209] 3108 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.137.73.209/; sid:901050991; rev:1;) alert tcp $HOME_NET any -> [28.36.84.139] 21641 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.36.84.139/; sid:901051034; rev:1;) alert tcp $HOME_NET any -> [144.195.192.148] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.192.148/; sid:901050988; rev:1;) alert tcp $HOME_NET any -> [72.139.0.139] 34292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.139.0.139/; sid:901050987; rev:1;) alert tcp $HOME_NET any -> [144.0.4.194] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.0.4.194/; sid:901050986; rev:1;) alert tcp $HOME_NET any -> [8.36.84.139] 4747 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.84.139/; sid:901050985; rev:1;) alert tcp $HOME_NET any -> [144.195.0.139] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.0.139/; sid:901050984; rev:1;) alert tcp $HOME_NET any -> [144.144.195.244] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.244/; sid:901050983; rev:1;) alert tcp $HOME_NET any -> [16.137.18.139] 1218 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.137.18.139/; sid:901050981; rev:1;) alert tcp $HOME_NET any -> [4.36.68.139] 139 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.68.139/; sid:901050982; rev:1;) alert tcp $HOME_NET any -> [24.196.131.216] 50011 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.196.131.216/; sid:901050979; rev:1;) alert tcp $HOME_NET any -> [133.255.255.235] 29888 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.255.255.235/; sid:901050978; rev:1;) alert tcp $HOME_NET any -> [137.216.1.4] 9220 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.216.1.4/; sid:901050977; rev:1;) alert tcp $HOME_NET any -> [190.15.8.36] 35273 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.8.36/; sid:901050976; rev:1;) alert tcp $HOME_NET any -> [144.195.91.24] 49705 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.91.24/; sid:901050975; rev:1;) alert tcp $HOME_NET any -> [83.139.26.139] 14836 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.139.26.139/; sid:901050974; rev:1;) alert tcp $HOME_NET any -> [36.36.76.138] 21643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.36.76.138/; sid:901050973; rev:1;) alert tcp $HOME_NET any -> [24.236.131.83] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.236.131.83/; sid:901050972; rev:1;) alert tcp $HOME_NET any -> [20.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.36.68.139/; sid:901050971; rev:1;) alert tcp $HOME_NET any -> [139.24.36.68] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.24.36.68/; sid:901050968; rev:1;) alert tcp $HOME_NET any -> [94.198.139.246] 35679 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.198.139.246/; sid:901050851; rev:1;) alert tcp $HOME_NET any -> [180.235.218.117] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.235.218.117/; sid:901050782; rev:1;) alert tcp $HOME_NET any -> [131.194.117.192] 749 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.194.117.192/; sid:901050781; rev:1;) alert tcp $HOME_NET any -> [25.232.36.4] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/25.232.36.4/; sid:901050780; rev:1;) alert tcp $HOME_NET any -> [139.4.36.68] 9284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.4.36.68/; sid:901050779; rev:1;) alert tcp $HOME_NET any -> [15.8.36.124] 1207 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.8.36.124/; sid:901050778; rev:1;) alert tcp $HOME_NET any -> [8.36.124.137] 46863 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.124.137/; sid:901050777; rev:1;) alert tcp $HOME_NET any -> [131.80.20.141] 511 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.80.20.141/; sid:901050776; rev:1;) alert tcp $HOME_NET any -> [139.0.0.13] 35587 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.0.0.13/; sid:901050775; rev:1;) alert tcp $HOME_NET any -> [137.4.36.116] 9244 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.4.36.116/; sid:901050774; rev:1;) alert tcp $HOME_NET any -> [133.252.72.139] 32457 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.252.72.139/; sid:901050773; rev:1;) alert tcp $HOME_NET any -> [59.23.52.141] 63600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.23.52.141/; sid:901050772; rev:1;) alert tcp $HOME_NET any -> [209.41.31.255] 53049 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.41.31.255/; sid:901050771; rev:1;) alert tcp $HOME_NET any -> [80.139.3.139] 47604 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.139.3.139/; sid:901050770; rev:1;) alert tcp $HOME_NET any -> [93.95.94.91] 36291 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.94.91/; sid:901050769; rev:1;) alert tcp $HOME_NET any -> [137.13.117.255] 33752 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.13.117.255/; sid:901050768; rev:1;) alert tcp $HOME_NET any -> [139.52.36.124] 9324 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.52.36.124/; sid:901050767; rev:1;) alert tcp $HOME_NET any -> [139.28.236.131] 9308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.28.236.131/; sid:901050766; rev:1;) alert tcp $HOME_NET any -> [144.144.144.255] 3049 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.144.255/; sid:901050764; rev:1;) alert tcp $HOME_NET any -> [235.10.137.102] 51160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.10.137.102/; sid:901050763; rev:1;) alert tcp $HOME_NET any -> [150.235.199.137] 35686 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.235.199.137/; sid:901050762; rev:1;) alert tcp $HOME_NET any -> [94.91.28.196] 23903 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.91.28.196/; sid:901050761; rev:1;) alert tcp $HOME_NET any -> [139.255.255.217] 50947 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.255.217/; sid:901050760; rev:1;) alert tcp $HOME_NET any -> [137.4.36.108] 9236 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.4.36.108/; sid:901050759; rev:1;) alert tcp $HOME_NET any -> [137.49.116.1] 9340 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.49.116.1/; sid:901050758; rev:1;) alert tcp $HOME_NET any -> [141.106.44.141] 18452 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.106.44.141/; sid:901050757; rev:1;) alert tcp $HOME_NET any -> [139.16.139.52] 35587 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.16.139.52/; sid:901050756; rev:1;) alert tcp $HOME_NET any -> [36.116.137.23] 35076 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.116.137.23/; sid:901050755; rev:1;) alert tcp $HOME_NET any -> [131.6.119.248] 64632 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.6.119.248/; sid:901050754; rev:1;) alert tcp $HOME_NET any -> [141.244.72.139] 3892 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.244.72.139/; sid:901050753; rev:1;) alert tcp $HOME_NET any -> [121.119.253.57] 61225 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.119.253.57/; sid:901050752; rev:1;) alert tcp $HOME_NET any -> [139.52.36.76] 35601 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.52.36.76/; sid:901050751; rev:1;) alert tcp $HOME_NET any -> [36.68.183.15] 35080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.183.15/; sid:901050750; rev:1;) alert tcp $HOME_NET any -> [32.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.36.68.139/; sid:901050749; rev:1;) alert tcp $HOME_NET any -> [8.36.84.137] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.36.84.137/; sid:901050748; rev:1;) alert tcp $HOME_NET any -> [12.36.84.137] 21643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.36.84.137/; sid:901050747; rev:1;) alert tcp $HOME_NET any -> [139.36.36.68] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.36.36.68/; sid:901050746; rev:1;) alert tcp $HOME_NET any -> [144.144.195.93] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.195.93/; sid:901050745; rev:1;) alert tcp $HOME_NET any -> [196.131.216.137] 23324 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.216.137/; sid:901050744; rev:1;) alert tcp $HOME_NET any -> [187.217.114.244] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.217.114.244/; sid:901050743; rev:1;) alert tcp $HOME_NET any -> [131.7.139.67] 710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.7.139.67/; sid:901050742; rev:1;) alert tcp $HOME_NET any -> [52.36.68.139] 1161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.36.68.139/; sid:901050741; rev:1;) alert tcp $HOME_NET any -> [48.4.183.15] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/48.4.183.15/; sid:901050740; rev:1;) alert tcp $HOME_NET any -> [133.60.36.108] 29933 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.60.36.108/; sid:901050739; rev:1;) alert tcp $HOME_NET any -> [139.48.36.124] 9308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.48.36.124/; sid:901050738; rev:1;) alert tcp $HOME_NET any -> [83.86.87.85] 60547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.86.87.85/; sid:901050737; rev:1;) alert tcp $HOME_NET any -> [91.24.196.131] 37059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.24.196.131/; sid:901050736; rev:1;) alert tcp $HOME_NET any -> [4.36.92.137] 17547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.92.137/; sid:901050734; rev:1;) alert tcp $HOME_NET any -> [40.36.68.139] 17545 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.36.68.139/; sid:901050733; rev:1;) alert tcp $HOME_NET any -> [36.36.92.139] 7305 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.36.92.139/; sid:901050732; rev:1;) alert tcp $HOME_NET any -> [144.144.0.0] 33619 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.144.0.0/; sid:901050731; rev:1;) alert tcp $HOME_NET any -> [36.68.137.8] 59656 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.137.8/; sid:901050730; rev:1;) alert tcp $HOME_NET any -> [195.28.196.131] 46863 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.28.196.131/; sid:901050729; rev:1;) alert tcp $HOME_NET any -> [232.36.4.137] 8 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.36.4.137/; sid:901050735; rev:1;) alert tcp $HOME_NET any -> [201.199.93.30] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.199.93.30/; sid:900622396; rev:1;) alert tcp $HOME_NET any -> [79.129.0.173] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.129.0.173/; sid:900622385; rev:1;) alert tcp $HOME_NET any -> [187.150.150.127] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.150.150.127/; sid:900622383; rev:1;) alert tcp $HOME_NET any -> [4.36.84.137] 3209 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.36.84.137/; sid:901050664; rev:1;) alert tcp $HOME_NET any -> [44.116.1.255] 31881 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/44.116.1.255/; sid:901050663; rev:1;) alert tcp $HOME_NET any -> [62.109.0.169] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.109.0.169/; sid:900622381; rev:1;) alert tcp $HOME_NET any -> [148.251.185.185] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.185/; sid:900622380; rev:1;) alert tcp $HOME_NET any -> [194.36.189.168] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.168/; sid:900622382; rev:1;) alert tcp $HOME_NET any -> [46.30.42.63] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.42.63/; sid:900622378; rev:1;) alert tcp $HOME_NET any -> [103.75.118.176] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.118.176/; sid:900622377; rev:1;) alert tcp $HOME_NET any -> [95.216.207.86] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.216.207.86/; sid:901050258; rev:1;) alert tcp $HOME_NET any -> [186.139.205.130] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.139.205.130/; sid:901050254; rev:1;) alert tcp $HOME_NET any -> [108.166.188.146] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.166.188.146/; sid:900622375; rev:1;) alert tcp $HOME_NET any -> [212.80.218.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.218.133/; sid:900622373; rev:1;) alert tcp $HOME_NET any -> [187.177.154.167] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.177.154.167/; sid:901049795; rev:1;) alert tcp $HOME_NET any -> [91.121.116.137] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.121.116.137/; sid:900622379; rev:1;) alert tcp $HOME_NET any -> [190.85.152.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.152.186/; sid:900622367; rev:1;) alert tcp $HOME_NET any -> [189.136.50.227] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.136.50.227/; sid:901049032; rev:1;) alert tcp $HOME_NET any -> [196.149.141.232] 65534 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.149.141.232/; sid:901049030; rev:1;) alert tcp $HOME_NET any -> [171.198.232.240] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.198.232.240/; sid:901049029; rev:1;) alert tcp $HOME_NET any -> [139.211.139.32] 61517 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.211.139.32/; sid:901049028; rev:1;) alert tcp $HOME_NET any -> [100.0.64.244] 12543 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.0.64.244/; sid:901049027; rev:1;) alert tcp $HOME_NET any -> [51.236.69.137] 21952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.236.69.137/; sid:901049026; rev:1;) alert tcp $HOME_NET any -> [232.0.64.98] 46492 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.0.64.98/; sid:901049025; rev:1;) alert tcp $HOME_NET any -> [32.137.100.48] 104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.137.100.48/; sid:901049024; rev:1;) alert tcp $HOME_NET any -> [137.0.1.47] 61509 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.0.1.47/; sid:901049023; rev:1;) alert tcp $HOME_NET any -> [94.56.161.1] 64 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.56.161.1/; sid:901049022; rev:1;) alert tcp $HOME_NET any -> [56.161.1.178] 16478 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.161.1.178/; sid:901049021; rev:1;) alert tcp $HOME_NET any -> [233.0.0.2] 299 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.0.0.2/; sid:901049020; rev:1;) alert tcp $HOME_NET any -> [139.200.85.139] 64581 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.200.85.139/; sid:901049019; rev:1;) alert tcp $HOME_NET any -> [232.211.139.200] 18960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.211.139.200/; sid:901049018; rev:1;) alert tcp $HOME_NET any -> [192.132.0.0] 6773 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.132.0.0/; sid:901049017; rev:1;) alert tcp $HOME_NET any -> [69.141.80.0] 35788 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.141.80.0/; sid:901049016; rev:1;) alert tcp $HOME_NET any -> [228.69.141.37] 33768 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/228.69.141.37/; sid:901049015; rev:1;) alert tcp $HOME_NET any -> [1.6.59.232] 33792 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.6.59.232/; sid:901049014; rev:1;) alert tcp $HOME_NET any -> [85.141.32.137] 26360 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.141.32.137/; sid:901049013; rev:1;) alert tcp $HOME_NET any -> [173.232.252.69] 65517 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.232.252.69/; sid:901049012; rev:1;) alert tcp $HOME_NET any -> [220.117.255.220] 30207 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.117.255.220/; sid:901049011; rev:1;) alert tcp $HOME_NET any -> [137.0.1.74] 55365 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.0.1.74/; sid:901049010; rev:1;) alert tcp $HOME_NET any -> [125.232.252.69] 4 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.232.252.69/; sid:901049009; rev:1;) alert tcp $HOME_NET any -> [80.79.23.144] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.79.23.144/; sid:901048977; rev:1;) alert tcp $HOME_NET any -> [89.255.255.254] 17805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.255.255.254/; sid:901048944; rev:1;) alert tcp $HOME_NET any -> [69.139.32.137] 20488 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.139.32.137/; sid:901048943; rev:1;) alert tcp $HOME_NET any -> [216.139.83.0] 49203 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.139.83.0/; sid:901048942; rev:1;) alert tcp $HOME_NET any -> [195.93.89.91] 35669 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.93.89.91/; sid:901048941; rev:1;) alert tcp $HOME_NET any -> [1.71.51.233] 60160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.71.51.233/; sid:901048940; rev:1;) alert tcp $HOME_NET any -> [17.232.252.69] 331 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/17.232.252.69/; sid:901048939; rev:1;) alert tcp $HOME_NET any -> [119.104.16.137] 16612 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.104.16.137/; sid:901048938; rev:1;) alert tcp $HOME_NET any -> [192.51.255.255] 22874 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.51.255.255/; sid:901048937; rev:1;) alert tcp $HOME_NET any -> [235.255.255.251] 35597 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.255.255.251/; sid:901048935; rev:1;) alert tcp $HOME_NET any -> [116.192.132.211] 35600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.192.132.211/; sid:901048933; rev:1;) alert tcp $HOME_NET any -> [85.141.27.116] 35836 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.141.27.116/; sid:901048932; rev:1;) alert tcp $HOME_NET any -> [50.255.100.0] 35172 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.255.100.0/; sid:901048931; rev:1;) alert tcp $HOME_NET any -> [85.210.51.242] 28776 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.210.51.242/; sid:901048930; rev:1;) alert tcp $HOME_NET any -> [106.236.139.85] 21248 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.236.139.85/; sid:901048929; rev:1;) alert tcp $HOME_NET any -> [91.94.95.240] 23897 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.95.240/; sid:901048928; rev:1;) alert tcp $HOME_NET any -> [161.233.195.0] 327 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.233.195.0/; sid:901048927; rev:1;) alert tcp $HOME_NET any -> [16.137.100.89] 2408 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.137.100.89/; sid:901048926; rev:1;) alert tcp $HOME_NET any -> [139.0.0.40] 64597 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.0.0.40/; sid:901048924; rev:1;) alert tcp $HOME_NET any -> [211.139.252.77] 51083 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.139.252.77/; sid:901048923; rev:1;) alert tcp $HOME_NET any -> [163.15.3.119] 29638 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.15.3.119/; sid:901048922; rev:1;) alert tcp $HOME_NET any -> [139.219.51.0] 33731 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.219.51.0/; sid:901048921; rev:1;) alert tcp $HOME_NET any -> [11.178.252.64] 27624 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/11.178.252.64/; sid:901048920; rev:1;) alert tcp $HOME_NET any -> [56.139.1.64] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.139.1.64/; sid:901048919; rev:1;) alert tcp $HOME_NET any -> [91.94.95.199] 49757 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.95.199/; sid:901048887; rev:1;) alert tcp $HOME_NET any -> [1.35.115.232] 25600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.35.115.232/; sid:901048886; rev:1;) alert tcp $HOME_NET any -> [199.139.16.71] 56196 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.139.16.71/; sid:901048885; rev:1;) alert tcp $HOME_NET any -> [12.119.137.0] 17802 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.119.137.0/; sid:901048884; rev:1;) alert tcp $HOME_NET any -> [199.139.210.51] 46056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.139.210.51/; sid:901048883; rev:1;) alert tcp $HOME_NET any -> [196.131.8.116] 59632 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.8.116/; sid:901048882; rev:1;) alert tcp $HOME_NET any -> [94.95.93.221] 50011 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.95.93.221/; sid:901048880; rev:1;) alert tcp $HOME_NET any -> [235.255.255.119] 17156 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.255.255.119/; sid:901048879; rev:1;) alert tcp $HOME_NET any -> [80.71.139.16] 54155 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.71.139.16/; sid:901048878; rev:1;) alert tcp $HOME_NET any -> [17.117.232.59] 49203 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/17.117.232.59/; sid:901048877; rev:1;) alert tcp $HOME_NET any -> [232.211.139.80] 30852 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.211.139.80/; sid:901048876; rev:1;) alert tcp $HOME_NET any -> [70.38.124.246] 56115 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.38.124.246/; sid:901048875; rev:1;) alert tcp $HOME_NET any -> [139.80.71.139] 2160 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.80.71.139/; sid:901048874; rev:1;) alert tcp $HOME_NET any -> [85.87.86.83] 60043 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.87.86.83/; sid:901048873; rev:1;) alert tcp $HOME_NET any -> [73.232.80.64] 65399 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.232.80.64/; sid:901048872; rev:1;) alert tcp $HOME_NET any -> [195.91.56.83] 17033 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.91.56.83/; sid:901048871; rev:1;) alert tcp $HOME_NET any -> [208.139.216.139] 17291 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.139.216.139/; sid:901048870; rev:1;) alert tcp $HOME_NET any -> [120.131.102.83] 58 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.131.102.83/; sid:901048869; rev:1;) alert tcp $HOME_NET any -> [8.194.93.91] 36864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.194.93.91/; sid:901048868; rev:1;) alert tcp $HOME_NET any -> [12.69.139.64] 17289 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.69.139.64/; sid:901048867; rev:1;) alert tcp $HOME_NET any -> [139.231.117.78] 2117 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.231.117.78/; sid:901048866; rev:1;) alert tcp $HOME_NET any -> [16.139.255.255] 21247 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.139.255.255/; sid:901048865; rev:1;) alert tcp $HOME_NET any -> [67.139.215.139] 59472 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.139.215.139/; sid:901048864; rev:1;) alert tcp $HOME_NET any -> [117.255.255.51] 65292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.255.51/; sid:901048863; rev:1;) alert tcp $HOME_NET any -> [133.78.8.112] 31990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.78.8.112/; sid:901048862; rev:1;) alert tcp $HOME_NET any -> [58.116.68.67] 17291 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.116.68.67/; sid:901048861; rev:1;) alert tcp $HOME_NET any -> [8.117.64.67] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.117.64.67/; sid:901048860; rev:1;) alert tcp $HOME_NET any -> [216.139.87.86] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.139.87.86/; sid:901048859; rev:1;) alert tcp $HOME_NET any -> [181.97.70.132] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.97.70.132/; sid:901048026; rev:1;) alert tcp $HOME_NET any -> [201.196.15.79] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.196.15.79/; sid:900622369; rev:1;) alert tcp $HOME_NET any -> [94.183.71.206] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.71.206/; sid:900622435; rev:1;) alert tcp $HOME_NET any -> [181.53.252.85] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.53.252.85/; sid:901048007; rev:1;) alert tcp $HOME_NET any -> [204.204.204.204] 52428 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.204.204.204/; sid:901047708; rev:1;) alert tcp $HOME_NET any -> [113.170.129.113] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.170.129.113/; sid:901047392; rev:1;) alert tcp $HOME_NET any -> [51.38.134.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.134.203/; sid:901047343; rev:1;) alert tcp $HOME_NET any -> [200.114.134.8] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.134.8/; sid:901047342; rev:1;) alert tcp $HOME_NET any -> [181.57.102.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.102.203/; sid:901047328; rev:1;) alert tcp $HOME_NET any -> [117.192.132.89] 35612 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.192.132.89/; sid:901047325; rev:1;) alert tcp $HOME_NET any -> [232.85.39.117] 65384 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.85.39.117/; sid:901047324; rev:1;) alert tcp $HOME_NET any -> [192.51.81.81] 26709 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.51.81.81/; sid:901047322; rev:1;) alert tcp $HOME_NET any -> [51.236.139.85] 20937 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.236.139.85/; sid:901047321; rev:1;) alert tcp $HOME_NET any -> [91.192.148.15] 50013 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.192.148.15/; sid:901047320; rev:1;) alert tcp $HOME_NET any -> [69.139.252.88] 15112 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.139.252.88/; sid:901047319; rev:1;) alert tcp $HOME_NET any -> [6.116.192.132] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.116.192.132/; sid:901047318; rev:1;) alert tcp $HOME_NET any -> [113.232.195.139] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.232.195.139/; sid:901047317; rev:1;) alert tcp $HOME_NET any -> [69.139.80.8] 35592 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.139.80.8/; sid:901047316; rev:1;) alert tcp $HOME_NET any -> [139.216.139.0] 2117 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.216.139.0/; sid:901047315; rev:1;) alert tcp $HOME_NET any -> [32.64.139.252] 7144 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.64.139.252/; sid:901047314; rev:1;) alert tcp $HOME_NET any -> [132.89.255.255] 29888 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.89.255.255/; sid:901047311; rev:1;) alert tcp $HOME_NET any -> [8.64.139.8] 59472 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.64.139.8/; sid:901047310; rev:1;) alert tcp $HOME_NET any -> [91.94.1.176] 50013 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.1.176/; sid:901047308; rev:1;) alert tcp $HOME_NET any -> [4.117.192.132] 49203 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.117.192.132/; sid:901047307; rev:1;) alert tcp $HOME_NET any -> [232.8.67.139] 17708 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.8.67.139/; sid:901047306; rev:1;) alert tcp $HOME_NET any -> [117.4.70.59] 35599 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.4.70.59/; sid:901047305; rev:1;) alert tcp $HOME_NET any -> [64.139.8.69] 13308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.139.8.69/; sid:901048925; rev:1;) alert tcp $HOME_NET any -> [133.33.117.4] 29942 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.33.117.4/; sid:901047303; rev:1;) alert tcp $HOME_NET any -> [139.252.64.139] 10304 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.252.64.139/; sid:901047302; rev:1;) alert tcp $HOME_NET any -> [116.219.133.216] 35631 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.219.133.216/; sid:901047301; rev:1;) alert tcp $HOME_NET any -> [110.119.79.46] 29285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.119.79.46/; sid:901047299; rev:1;) alert tcp $HOME_NET any -> [67.137.102.255] 24090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.137.102.255/; sid:901047298; rev:1;) alert tcp $HOME_NET any -> [198.139.216.139] 48104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.139.216.139/; sid:901047297; rev:1;) alert tcp $HOME_NET any -> [195.91.94.24] 22099 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.91.94.24/; sid:901047296; rev:1;) alert tcp $HOME_NET any -> [91.94.1.0] 37059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.1.0/; sid:901047295; rev:1;) alert tcp $HOME_NET any -> [139.255.255.128] 35795 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.255.128/; sid:901047294; rev:1;) alert tcp $HOME_NET any -> [139.214.139.19] 5187 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.214.139.19/; sid:901047293; rev:1;) alert tcp $HOME_NET any -> [139.20.67.137] 35798 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.20.67.137/; sid:901047292; rev:1;) alert tcp $HOME_NET any -> [232.0.64.80] 10700 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.0.64.80/; sid:901047291; rev:1;) alert tcp $HOME_NET any -> [15.117.0.20] 434 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.117.0.20/; sid:901047290; rev:1;) alert tcp $HOME_NET any -> [4.70.59.5] 13940 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.70.59.5/; sid:901047289; rev:1;) alert tcp $HOME_NET any -> [67.139.216.139] 34052 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.139.216.139/; sid:901047288; rev:1;) alert tcp $HOME_NET any -> [195.0.0.1] 22099 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.0.0.1/; sid:901047287; rev:1;) alert tcp $HOME_NET any -> [8.28.64.246] 1397 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.28.64.246/; sid:901047286; rev:1;) alert tcp $HOME_NET any -> [126.0.36.60] 35591 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.0.36.60/; sid:901047285; rev:1;) alert tcp $HOME_NET any -> [137.232.195.139] 65416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.232.195.139/; sid:901047284; rev:1;) alert tcp $HOME_NET any -> [20.138.0.0] 32804 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.138.0.0/; sid:901047283; rev:1;) alert tcp $HOME_NET any -> [139.7.116.192] 59603 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.7.116.192/; sid:901047282; rev:1;) alert tcp $HOME_NET any -> [133.20.115.139] 29942 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.115.139/; sid:901047281; rev:1;) alert tcp $HOME_NET any -> [139.211.139.1] 65328 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.211.139.1/; sid:901047280; rev:1;) alert tcp $HOME_NET any -> [221.232.198.139] 65410 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.232.198.139/; sid:901047279; rev:1;) alert tcp $HOME_NET any -> [20.235.43.116] 22155 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.235.43.116/; sid:901047278; rev:1;) alert tcp $HOME_NET any -> [139.36.20.136] 35800 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.36.20.136/; sid:901047277; rev:1;) alert tcp $HOME_NET any -> [232.81.86.83] 11856 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.81.86.83/; sid:901047276; rev:1;) alert tcp $HOME_NET any -> [92.233.128.13] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.233.128.13/; sid:900622371; rev:1;) alert tcp $HOME_NET any -> [161.83.216.196] 25776 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.83.216.196/; sid:901047243; rev:1;) alert tcp $HOME_NET any -> [105.87.108.105] 25710 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.87.108.105/; sid:901047242; rev:1;) alert tcp $HOME_NET any -> [144.195.0.71] 20564 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.195.0.71/; sid:901047241; rev:1;) alert tcp $HOME_NET any -> [80.137.0.71] 41733 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.137.0.71/; sid:901047240; rev:1;) alert tcp $HOME_NET any -> [14.116.192.133] 5515 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.116.192.133/; sid:901047239; rev:1;) alert tcp $HOME_NET any -> [91.94.95.9] 49757 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.94.95.9/; sid:901047238; rev:1;) alert tcp $HOME_NET any -> [139.5.83.137] 3157 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.83.137/; sid:901047237; rev:1;) alert tcp $HOME_NET any -> [137.5.83.139] 35607 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.5.83.139/; sid:901047236; rev:1;) alert tcp $HOME_NET any -> [139.13.195.131] 11203 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.13.195.131/; sid:901047235; rev:1;) alert tcp $HOME_NET any -> [137.7.139.1] 1347 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.7.139.1/; sid:901047234; rev:1;) alert tcp $HOME_NET any -> [232.3.198.10] 22157 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.3.198.10/; sid:901047233; rev:1;) alert tcp $HOME_NET any -> [137.255.255.255] 1606 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.255.255.255/; sid:901047232; rev:1;) alert tcp $HOME_NET any -> [141.0.65.3] 1350 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.0.65.3/; sid:901047231; rev:1;) alert tcp $HOME_NET any -> [14.42.232.0] 1 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.42.232.0/; sid:901047230; rev:1;) alert tcp $HOME_NET any -> [6.137.0.71] 22157 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.137.0.71/; sid:901047229; rev:1;) alert tcp $HOME_NET any -> [139.0.4.255] 41456 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.0.4.255/; sid:901047228; rev:1;) alert tcp $HOME_NET any -> [131.0.71.101] 63 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.71.101/; sid:901047227; rev:1;) alert tcp $HOME_NET any -> [83.236.139.85] 22358 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.236.139.85/; sid:901047226; rev:1;) alert tcp $HOME_NET any -> [43.5.192.131] 35792 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.5.192.131/; sid:901047225; rev:1;) alert tcp $HOME_NET any -> [194.93.88.12] 16 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.93.88.12/; sid:901047224; rev:1;) alert tcp $HOME_NET any -> [4.65.139.226] 4607 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.65.139.226/; sid:901047223; rev:1;) alert tcp $HOME_NET any -> [16.117.255.20] 30207 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.117.255.20/; sid:901047222; rev:1;) alert tcp $HOME_NET any -> [49.236.139.85] 20672 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.236.139.85/; sid:901047221; rev:1;) alert tcp $HOME_NET any -> [94.95.0.1] 23899 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.95.0.1/; sid:901047220; rev:1;) alert tcp $HOME_NET any -> [142.93.82.57] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.82.57/; sid:901046387; rev:1;) alert tcp $HOME_NET any -> [78.189.76.2] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.189.76.2/; sid:900622365; rev:1;) alert tcp $HOME_NET any -> [76.69.29.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.69.29.42/; sid:901046363; rev:1;) alert tcp $HOME_NET any -> [187.235.239.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.235.239.214/; sid:901046361; rev:1;) alert tcp $HOME_NET any -> [89.32.150.160] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.150.160/; sid:900622361; rev:1;) alert tcp $HOME_NET any -> [209.141.41.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.141.41.136/; sid:900622555; rev:1;) alert tcp $HOME_NET any -> [198.58.112.7] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.58.112.7/; sid:900623400; rev:1;) alert tcp $HOME_NET any -> [192.254.173.31] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.254.173.31/; sid:900622366; rev:1;) alert tcp $HOME_NET any -> [74.208.74.92] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.208.74.92/; sid:900622360; rev:1;) alert tcp $HOME_NET any -> [116.203.117.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.203.117.76/; sid:900622374; rev:1;) alert tcp $HOME_NET any -> [93.123.73.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.123.73.37/; sid:900622358; rev:1;) alert tcp $HOME_NET any -> [5.182.210.212] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.182.210.212/; sid:900622356; rev:1;) alert tcp $HOME_NET any -> [51.89.115.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.89.115.109/; sid:900622357; rev:1;) alert tcp $HOME_NET any -> [29.199.193.86] 63059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/29.199.193.86/; sid:901044755; rev:1;) alert tcp $HOME_NET any -> [108.114.162.35] 59622 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.114.162.35/; sid:901044754; rev:1;) alert tcp $HOME_NET any -> [100.105.24.208] 461 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.105.24.208/; sid:901044753; rev:1;) alert tcp $HOME_NET any -> [145.34.142.246] 11177 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.34.142.246/; sid:901044752; rev:1;) alert tcp $HOME_NET any -> [54.197.217.75] 13454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.197.217.75/; sid:901044751; rev:1;) alert tcp $HOME_NET any -> [196.173.85.5] 46475 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.173.85.5/; sid:901044750; rev:1;) alert tcp $HOME_NET any -> [81.217.76.38] 48814 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.217.76.38/; sid:901044749; rev:1;) alert tcp $HOME_NET any -> [72.54.204.52] 46022 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.54.204.52/; sid:901044748; rev:1;) alert tcp $HOME_NET any -> [178.185.182.239] 20196 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.185.182.239/; sid:901044747; rev:1;) alert tcp $HOME_NET any -> [213.180.29.23] 27787 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.180.29.23/; sid:901044746; rev:1;) alert tcp $HOME_NET any -> [107.20.198.107] 61391 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.20.198.107/; sid:901044745; rev:1;) alert tcp $HOME_NET any -> [205.30.198.188] 38275 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.30.198.188/; sid:901044744; rev:1;) alert tcp $HOME_NET any -> [184.90.112.240] 22285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.90.112.240/; sid:901044743; rev:1;) alert tcp $HOME_NET any -> [14.105.183.39] 2790 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.105.183.39/; sid:901044742; rev:1;) alert tcp $HOME_NET any -> [139.115.150.60] 38567 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.115.150.60/; sid:901044741; rev:1;) alert tcp $HOME_NET any -> [115.41.76.31] 12906 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.41.76.31/; sid:901044740; rev:1;) alert tcp $HOME_NET any -> [66.46.99.32] 1358 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.46.99.32/; sid:901044739; rev:1;) alert tcp $HOME_NET any -> [97.209.1.205] 59609 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.209.1.205/; sid:901044738; rev:1;) alert tcp $HOME_NET any -> [184.38.32.9] 43663 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.38.32.9/; sid:901044737; rev:1;) alert tcp $HOME_NET any -> [150.227.45.203] 64456 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.227.45.203/; sid:901044736; rev:1;) alert tcp $HOME_NET any -> [74.159.64.191] 6943 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.159.64.191/; sid:901044735; rev:1;) alert tcp $HOME_NET any -> [222.180.41.29] 25918 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.180.41.29/; sid:901044734; rev:1;) alert tcp $HOME_NET any -> [34.240.194.222] 46130 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.240.194.222/; sid:901044733; rev:1;) alert tcp $HOME_NET any -> [201.120.225.193] 2200 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.120.225.193/; sid:901044732; rev:1;) alert tcp $HOME_NET any -> [220.188.203.118] 35811 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.188.203.118/; sid:901044731; rev:1;) alert tcp $HOME_NET any -> [15.22.77.78] 38438 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.22.77.78/; sid:901044730; rev:1;) alert tcp $HOME_NET any -> [68.58.187.245] 53841 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.58.187.245/; sid:901044729; rev:1;) alert tcp $HOME_NET any -> [142.76.37.186] 49014 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.76.37.186/; sid:901044728; rev:1;) alert tcp $HOME_NET any -> [188.107.20.34] 21492 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.107.20.34/; sid:901044727; rev:1;) alert tcp $HOME_NET any -> [193.163.105.225] 31366 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.163.105.225/; sid:901044726; rev:1;) alert tcp $HOME_NET any -> [232.242.51.251] 30884 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.242.51.251/; sid:901044725; rev:1;) alert tcp $HOME_NET any -> [76.129.217.110] 10711 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.129.217.110/; sid:901044724; rev:1;) alert tcp $HOME_NET any -> [29.170.153.234] 24077 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/29.170.153.234/; sid:901044723; rev:1;) alert tcp $HOME_NET any -> [32.185.175.181] 52388 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.185.175.181/; sid:901044722; rev:1;) alert tcp $HOME_NET any -> [91.241.247.140] 43765 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.241.247.140/; sid:901044721; rev:1;) alert tcp $HOME_NET any -> [156.6.143.9] 7901 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.6.143.9/; sid:901044720; rev:1;) alert tcp $HOME_NET any -> [131.44.231.116] 29470 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.44.231.116/; sid:901044719; rev:1;) alert tcp $HOME_NET any -> [122.123.148.180] 33731 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.123.148.180/; sid:901044718; rev:1;) alert tcp $HOME_NET any -> [167.113.111.229] 62138 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.113.111.229/; sid:901044717; rev:1;) alert tcp $HOME_NET any -> [224.111.122.42] 8105 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/224.111.122.42/; sid:901044716; rev:1;) alert tcp $HOME_NET any -> [139.129.25.208] 63844 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.129.25.208/; sid:901044715; rev:1;) alert tcp $HOME_NET any -> [47.153.63.225] 35163 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.153.63.225/; sid:901044714; rev:1;) alert tcp $HOME_NET any -> [223.153.82.78] 4066 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.153.82.78/; sid:901044713; rev:1;) alert tcp $HOME_NET any -> [219.102.89.195] 14780 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.102.89.195/; sid:901044712; rev:1;) alert tcp $HOME_NET any -> [162.184.46.224] 31765 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.184.46.224/; sid:901044711; rev:1;) alert tcp $HOME_NET any -> [190.16.252.241] 41416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.252.241/; sid:901044710; rev:1;) alert tcp $HOME_NET any -> [54.88.155.215] 51960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.88.155.215/; sid:901044709; rev:1;) alert tcp $HOME_NET any -> [71.94.141.239] 2859 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.94.141.239/; sid:901044708; rev:1;) alert tcp $HOME_NET any -> [186.144.254.84] 64416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.144.254.84/; sid:901044707; rev:1;) alert tcp $HOME_NET any -> [141.247.234.200] 50866 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.247.234.200/; sid:901044706; rev:1;) alert tcp $HOME_NET any -> [102.125.248.86] 43884 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.125.248.86/; sid:901044705; rev:1;) alert tcp $HOME_NET any -> [44.8.86.110] 58442 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/44.8.86.110/; sid:901044704; rev:1;) alert tcp $HOME_NET any -> [192.87.31.72] 17340 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.87.31.72/; sid:901044703; rev:1;) alert tcp $HOME_NET any -> [11.127.187.147] 45368 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/11.127.187.147/; sid:901044702; rev:1;) alert tcp $HOME_NET any -> [69.104.201.121] 40901 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.104.201.121/; sid:901044701; rev:1;) alert tcp $HOME_NET any -> [66.221.187.153] 17061 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.221.187.153/; sid:901044700; rev:1;) alert tcp $HOME_NET any -> [99.193.34.195] 33673 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.193.34.195/; sid:901044699; rev:1;) alert tcp $HOME_NET any -> [20.66.139.82] 45863 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.66.139.82/; sid:901044474; rev:1;) alert tcp $HOME_NET any -> [213.232.76.14] 30793 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.232.76.14/; sid:901044473; rev:1;) alert tcp $HOME_NET any -> [213.212.56.64] 50237 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.212.56.64/; sid:901044472; rev:1;) alert tcp $HOME_NET any -> [31.244.28.32] 7917 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.244.28.32/; sid:901044471; rev:1;) alert tcp $HOME_NET any -> [61.195.105.5] 17996 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.195.105.5/; sid:901044470; rev:1;) alert tcp $HOME_NET any -> [34.199.184.12] 1239 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/34.199.184.12/; sid:901044469; rev:1;) alert tcp $HOME_NET any -> [16.106.113.138] 18454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.106.113.138/; sid:901044468; rev:1;) alert tcp $HOME_NET any -> [82.135.250.134] 10377 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.135.250.134/; sid:901044467; rev:1;) alert tcp $HOME_NET any -> [122.186.220.242] 41344 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.186.220.242/; sid:901044466; rev:1;) alert tcp $HOME_NET any -> [104.171.128.0] 50280 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.171.128.0/; sid:901044465; rev:1;) alert tcp $HOME_NET any -> [14.2.21.128] 47042 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/14.2.21.128/; sid:901044464; rev:1;) alert tcp $HOME_NET any -> [132.144.202.40] 3266 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.144.202.40/; sid:901044463; rev:1;) alert tcp $HOME_NET any -> [145.106.109.168] 37588 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.106.109.168/; sid:901044462; rev:1;) alert tcp $HOME_NET any -> [203.18.33.103] 41767 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.18.33.103/; sid:901044461; rev:1;) alert tcp $HOME_NET any -> [200.117.159.231] 32794 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.117.159.231/; sid:901044460; rev:1;) alert tcp $HOME_NET any -> [96.85.120.0] 28491 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.85.120.0/; sid:901044459; rev:1;) alert tcp $HOME_NET any -> [126.126.244.65] 37489 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.126.244.65/; sid:901044458; rev:1;) alert tcp $HOME_NET any -> [121.215.107.191] 32700 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.215.107.191/; sid:901044457; rev:1;) alert tcp $HOME_NET any -> [233.176.96.119] 42528 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.176.96.119/; sid:901044456; rev:1;) alert tcp $HOME_NET any -> [223.225.28.55] 37304 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/223.225.28.55/; sid:901044455; rev:1;) alert tcp $HOME_NET any -> [234.170.106.16] 4057 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.170.106.16/; sid:901044454; rev:1;) alert tcp $HOME_NET any -> [137.112.67.51] 44486 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.112.67.51/; sid:901044453; rev:1;) alert tcp $HOME_NET any -> [140.3.205.77] 46834 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/140.3.205.77/; sid:901044452; rev:1;) alert tcp $HOME_NET any -> [93.11.62.243] 58516 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.11.62.243/; sid:901044451; rev:1;) alert tcp $HOME_NET any -> [168.109.23.58] 59453 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.109.23.58/; sid:901044450; rev:1;) alert tcp $HOME_NET any -> [96.77.15.190] 6860 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.77.15.190/; sid:901044449; rev:1;) alert tcp $HOME_NET any -> [130.132.163.29] 38568 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/130.132.163.29/; sid:901044384; rev:1;) alert tcp $HOME_NET any -> [74.194.23.99] 662 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.194.23.99/; sid:901044383; rev:1;) alert tcp $HOME_NET any -> [106.239.164.220] 54408 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.239.164.220/; sid:901044382; rev:1;) alert tcp $HOME_NET any -> [112.17.67.75] 6712 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.17.67.75/; sid:901044381; rev:1;) alert tcp $HOME_NET any -> [155.133.163.23] 30830 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.133.163.23/; sid:901044380; rev:1;) alert tcp $HOME_NET any -> [232.70.223.22] 60784 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.70.223.22/; sid:901044379; rev:1;) alert tcp $HOME_NET any -> [216.136.132.89] 39137 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.136.132.89/; sid:901044378; rev:1;) alert tcp $HOME_NET any -> [206.84.3.115] 29117 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.84.3.115/; sid:901044377; rev:1;) alert tcp $HOME_NET any -> [110.213.80.89] 4321 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.213.80.89/; sid:901044376; rev:1;) alert tcp $HOME_NET any -> [98.99.147.113] 5111 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.99.147.113/; sid:901044375; rev:1;) alert tcp $HOME_NET any -> [149.190.241.48] 14379 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.190.241.48/; sid:901044374; rev:1;) alert tcp $HOME_NET any -> [109.156.62.40] 22116 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.156.62.40/; sid:901044373; rev:1;) alert tcp $HOME_NET any -> [123.98.227.193] 48446 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.98.227.193/; sid:901044372; rev:1;) alert tcp $HOME_NET any -> [182.132.116.36] 4698 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.132.116.36/; sid:901044371; rev:1;) alert tcp $HOME_NET any -> [110.94.93.15] 7836 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.94.93.15/; sid:901044370; rev:1;) alert tcp $HOME_NET any -> [149.92.161.76] 23970 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.92.161.76/; sid:901044369; rev:1;) alert tcp $HOME_NET any -> [73.60.66.9] 77 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.60.66.9/; sid:901044368; rev:1;) alert tcp $HOME_NET any -> [11.29.45.178] 5454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/11.29.45.178/; sid:901044367; rev:1;) alert tcp $HOME_NET any -> [187.142.104.70] 50586 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.142.104.70/; sid:901044366; rev:1;) alert tcp $HOME_NET any -> [73.135.92.33] 27367 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.135.92.33/; sid:901044365; rev:1;) alert tcp $HOME_NET any -> [66.61.180.205] 24196 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.61.180.205/; sid:901044364; rev:1;) alert tcp $HOME_NET any -> [16.250.226.249] 21941 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.250.226.249/; sid:901044363; rev:1;) alert tcp $HOME_NET any -> [96.184.57.180] 19860 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.184.57.180/; sid:901044362; rev:1;) alert tcp $HOME_NET any -> [233.129.117.191] 24308 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.129.117.191/; sid:901044361; rev:1;) alert tcp $HOME_NET any -> [18.202.235.151] 12022 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.202.235.151/; sid:901044360; rev:1;) alert tcp $HOME_NET any -> [136.128.170.61] 6482 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.128.170.61/; sid:901044359; rev:1;) alert tcp $HOME_NET any -> [15.248.175.120] 52715 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.248.175.120/; sid:901044358; rev:1;) alert tcp $HOME_NET any -> [120.238.117.27] 31168 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.238.117.27/; sid:901044357; rev:1;) alert tcp $HOME_NET any -> [217.184.191.40] 24398 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.184.191.40/; sid:901044356; rev:1;) alert tcp $HOME_NET any -> [172.208.138.206] 41543 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.208.138.206/; sid:901044355; rev:1;) alert tcp $HOME_NET any -> [36.68.141.0] 20480 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.141.0/; sid:901044354; rev:1;) alert tcp $HOME_NET any -> [220.1.221.81] 24589 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.1.221.81/; sid:901044353; rev:1;) alert tcp $HOME_NET any -> [24.232.131.3] 22873 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.232.131.3/; sid:901044352; rev:1;) alert tcp $HOME_NET any -> [96.13.220.12] 18173 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.13.220.12/; sid:901044351; rev:1;) alert tcp $HOME_NET any -> [232.36.28.221] 20281 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.36.28.221/; sid:901044350; rev:1;) alert tcp $HOME_NET any -> [36.68.141.1] 20480 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.68.141.1/; sid:901044349; rev:1;) alert tcp $HOME_NET any -> [8.194.94.255] 20736 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.194.94.255/; sid:901044348; rev:1;) alert tcp $HOME_NET any -> [12.36.76.139] 46312 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.36.76.139/; sid:901044347; rev:1;) alert tcp $HOME_NET any -> [32.232.80.8] 65528 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.232.80.8/; sid:901044346; rev:1;) alert tcp $HOME_NET any -> [116.139.86.4] 3108 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.139.86.4/; sid:901044345; rev:1;) alert tcp $HOME_NET any -> [16.194.255.255] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.194.255.255/; sid:901044344; rev:1;) alert tcp $HOME_NET any -> [28.221.12.36] 59428 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.221.12.36/; sid:901044343; rev:1;) alert tcp $HOME_NET any -> [68.221.81.81] 4132 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.221.81.81/; sid:901044342; rev:1;) alert tcp $HOME_NET any -> [232.8.36.76] 62795 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.8.36.76/; sid:901044341; rev:1;) alert tcp $HOME_NET any -> [199.7.115.158] 2113 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.7.115.158/; sid:901044340; rev:1;) alert tcp $HOME_NET any -> [158.224.223.0] 3447 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.224.223.0/; sid:901044339; rev:1;) alert tcp $HOME_NET any -> [220.1.221.0] 20509 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.1.221.0/; sid:901044338; rev:1;) alert tcp $HOME_NET any -> [8.69.139.244] 24159 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.69.139.244/; sid:901044337; rev:1;) alert tcp $HOME_NET any -> [193.88.232.240] 2 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.88.232.240/; sid:901044336; rev:1;) alert tcp $HOME_NET any -> [101.128.236.117] 252 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.128.236.117/; sid:901044335; rev:1;) alert tcp $HOME_NET any -> [2.232.8.117] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.232.8.117/; sid:901044334; rev:1;) alert tcp $HOME_NET any -> [117.255.0.2] 35824 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.0.2/; sid:901044333; rev:1;) alert tcp $HOME_NET any -> [117.137.12.117] 59644 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.137.12.117/; sid:901044332; rev:1;) alert tcp $HOME_NET any -> [141.1.106.240] 61517 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.1.106.240/; sid:901044331; rev:1;) alert tcp $HOME_NET any -> [87.86.0.236] 63883 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.86.0.236/; sid:901044330; rev:1;) alert tcp $HOME_NET any -> [4.84.161.81] 72 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/4.84.161.81/; sid:901044329; rev:1;) alert tcp $HOME_NET any -> [105.232.0.70] 25 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.232.0.70/; sid:901044328; rev:1;) alert tcp $HOME_NET any -> [175.19.159.180] 7612 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.19.159.180/; sid:901044327; rev:1;) alert tcp $HOME_NET any -> [13.212.190.62] 45415 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/13.212.190.62/; sid:901044326; rev:1;) alert tcp $HOME_NET any -> [70.74.102.169] 51789 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.74.102.169/; sid:901044325; rev:1;) alert tcp $HOME_NET any -> [57.53.113.209] 1784 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.53.113.209/; sid:901044324; rev:1;) alert tcp $HOME_NET any -> [232.245.179.64] 55573 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.245.179.64/; sid:901044323; rev:1;) alert tcp $HOME_NET any -> [116.135.91.57] 26704 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.135.91.57/; sid:901044322; rev:1;) alert tcp $HOME_NET any -> [112.180.149.8] 34995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.180.149.8/; sid:901044321; rev:1;) alert tcp $HOME_NET any -> [175.31.60.2] 47902 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.31.60.2/; sid:901044320; rev:1;) alert tcp $HOME_NET any -> [42.7.18.251] 3749 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.7.18.251/; sid:901044319; rev:1;) alert tcp $HOME_NET any -> [56.236.82.228] 47477 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.236.82.228/; sid:901044318; rev:1;) alert tcp $HOME_NET any -> [36.141.252.119] 57443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.141.252.119/; sid:901044317; rev:1;) alert tcp $HOME_NET any -> [114.128.97.195] 42401 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.128.97.195/; sid:901044316; rev:1;) alert tcp $HOME_NET any -> [111.133.22.86] 6789 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.133.22.86/; sid:901044315; rev:1;) alert tcp $HOME_NET any -> [216.209.141.55] 20687 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.209.141.55/; sid:901044314; rev:1;) alert tcp $HOME_NET any -> [28.138.174.59] 34068 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.138.174.59/; sid:901044313; rev:1;) alert tcp $HOME_NET any -> [131.197.69.45] 25030 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.197.69.45/; sid:901044312; rev:1;) alert tcp $HOME_NET any -> [150.213.194.222] 31303 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/150.213.194.222/; sid:901044311; rev:1;) alert tcp $HOME_NET any -> [9.64.198.105] 34523 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.64.198.105/; sid:901044310; rev:1;) alert tcp $HOME_NET any -> [38.81.33.5] 32619 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.81.33.5/; sid:901044309; rev:1;) alert tcp $HOME_NET any -> [144.57.58.236] 43292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.57.58.236/; sid:901044308; rev:1;) alert tcp $HOME_NET any -> [97.204.19.221] 30504 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.204.19.221/; sid:901044307; rev:1;) alert tcp $HOME_NET any -> [166.104.135.99] 176 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.104.135.99/; sid:901044306; rev:1;) alert tcp $HOME_NET any -> [135.187.28.87] 54987 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.187.28.87/; sid:901044305; rev:1;) alert tcp $HOME_NET any -> [141.214.42.95] 23551 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.214.42.95/; sid:901044304; rev:1;) alert tcp $HOME_NET any -> [52.70.229.200] 30671 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/52.70.229.200/; sid:901044303; rev:1;) alert tcp $HOME_NET any -> [174.92.121.2] 13433 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.92.121.2/; sid:901044302; rev:1;) alert tcp $HOME_NET any -> [184.66.33.96] 48681 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.66.33.96/; sid:901044301; rev:1;) alert tcp $HOME_NET any -> [209.124.164.217] 26416 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.124.164.217/; sid:901044300; rev:1;) alert tcp $HOME_NET any -> [166.107.136.70] 1363 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/166.107.136.70/; sid:901044299; rev:1;) alert tcp $HOME_NET any -> [109.113.101.179] 24669 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.113.101.179/; sid:901044298; rev:1;) alert tcp $HOME_NET any -> [24.160.158.43] 33358 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.160.158.43/; sid:901044297; rev:1;) alert tcp $HOME_NET any -> [80.227.67.18] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.227.67.18/; sid:900622363; rev:1;) alert tcp $HOME_NET any -> [155.124.180.236] 23188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.124.180.236/; sid:901043535; rev:1;) alert tcp $HOME_NET any -> [43.56.61.47] 51467 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.56.61.47/; sid:901043534; rev:1;) alert tcp $HOME_NET any -> [156.6.144.166] 18334 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/156.6.144.166/; sid:901043533; rev:1;) alert tcp $HOME_NET any -> [195.41.62.181] 18713 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.41.62.181/; sid:901043532; rev:1;) alert tcp $HOME_NET any -> [236.25.249.214] 9515 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/236.25.249.214/; sid:901043531; rev:1;) alert tcp $HOME_NET any -> [94.135.17.47] 3626 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.135.17.47/; sid:901043530; rev:1;) alert tcp $HOME_NET any -> [137.255.255.248] 2167 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.255.255.248/; sid:901043465; rev:1;) alert tcp $HOME_NET any -> [80.255.255.249] 53131 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.255.255.249/; sid:901043464; rev:1;) alert tcp $HOME_NET any -> [69.141.80.244] 20700 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.141.80.244/; sid:901043463; rev:1;) alert tcp $HOME_NET any -> [233.0.0.0] 170 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/233.0.0.0/; sid:901042758; rev:1;) alert tcp $HOME_NET any -> [89.240.139.255] 18119 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.240.139.255/; sid:901042757; rev:1;) alert tcp $HOME_NET any -> [71.156.136.161] 10496 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.156.136.161/; sid:901042755; rev:1;) alert tcp $HOME_NET any -> [132.15.89.192] 202 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.15.89.192/; sid:901042754; rev:1;) alert tcp $HOME_NET any -> [15.240.139.89] 55684 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.240.139.89/; sid:901042753; rev:1;) alert tcp $HOME_NET any -> [132.61.131.255] 18332 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.61.131.255/; sid:901042752; rev:1;) alert tcp $HOME_NET any -> [80.8.69.141] 36072 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.8.69.141/; sid:901042756; rev:1;) alert tcp $HOME_NET any -> [71.156.128.5] 35072 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.156.128.5/; sid:901042750; rev:1;) alert tcp $HOME_NET any -> [23.239.84.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.239.84.134/; sid:900622352; rev:1;) alert tcp $HOME_NET any -> [195.123.234.85] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.234.85/; sid:900622351; rev:1;) alert tcp $HOME_NET any -> [67.225.229.55] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.225.229.55/; sid:900622364; rev:1;) alert tcp $HOME_NET any -> [229.254.61.50] 10064 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.254.61.50/; sid:901041789; rev:1;) alert tcp $HOME_NET any -> [229.139.178.0] 32399 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.139.178.0/; sid:901041788; rev:1;) alert tcp $HOME_NET any -> [191.75.167.146] 15719 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.75.167.146/; sid:901041787; rev:1;) alert tcp $HOME_NET any -> [106.241.100.98] 50216 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.241.100.98/; sid:901041786; rev:1;) alert tcp $HOME_NET any -> [121.139.40.150] 46943 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.139.40.150/; sid:901041785; rev:1;) alert tcp $HOME_NET any -> [18.201.109.148] 59854 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/18.201.109.148/; sid:901041784; rev:1;) alert tcp $HOME_NET any -> [86.185.158.137] 36427 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.185.158.137/; sid:901041783; rev:1;) alert tcp $HOME_NET any -> [97.66.43.101] 51806 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/97.66.43.101/; sid:901041782; rev:1;) alert tcp $HOME_NET any -> [65.87.75.201] 22107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.87.75.201/; sid:901041781; rev:1;) alert tcp $HOME_NET any -> [198.40.21.242] 36654 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.40.21.242/; sid:901041780; rev:1;) alert tcp $HOME_NET any -> [87.189.10.216] 25044 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.189.10.216/; sid:901041779; rev:1;) alert tcp $HOME_NET any -> [107.61.205.190] 19342 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.61.205.190/; sid:901041778; rev:1;) alert tcp $HOME_NET any -> [77.210.109.51] 5108 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.210.109.51/; sid:901041777; rev:1;) alert tcp $HOME_NET any -> [32.45.167.109] 26489 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.45.167.109/; sid:901041776; rev:1;) alert tcp $HOME_NET any -> [133.44.215.139] 48094 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.44.215.139/; sid:901041775; rev:1;) alert tcp $HOME_NET any -> [228.94.113.86] 58777 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/228.94.113.86/; sid:901041774; rev:1;) alert tcp $HOME_NET any -> [93.94.234.231] 62915 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.94.234.231/; sid:901041773; rev:1;) alert tcp $HOME_NET any -> [103.105.76.150] 35698 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.105.76.150/; sid:901041772; rev:1;) alert tcp $HOME_NET any -> [239.9.120.122] 39651 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/239.9.120.122/; sid:901041771; rev:1;) alert tcp $HOME_NET any -> [44.167.59.239] 63801 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/44.167.59.239/; sid:901041770; rev:1;) alert tcp $HOME_NET any -> [23.19.44.221] 45482 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.19.44.221/; sid:901041769; rev:1;) alert tcp $HOME_NET any -> [152.37.26.37] 62150 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.37.26.37/; sid:901041768; rev:1;) alert tcp $HOME_NET any -> [162.240.129.46] 44917 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.240.129.46/; sid:901041767; rev:1;) alert tcp $HOME_NET any -> [173.18.181.152] 38791 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.18.181.152/; sid:901041766; rev:1;) alert tcp $HOME_NET any -> [98.185.152.241] 63965 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/98.185.152.241/; sid:901041765; rev:1;) alert tcp $HOME_NET any -> [27.22.235.78] 30095 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.22.235.78/; sid:901041764; rev:1;) alert tcp $HOME_NET any -> [182.242.99.181] 40547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.242.99.181/; sid:901041763; rev:1;) alert tcp $HOME_NET any -> [214.133.186.150] 41145 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/214.133.186.150/; sid:901041762; rev:1;) alert tcp $HOME_NET any -> [112.43.0.147] 44050 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/112.43.0.147/; sid:901041761; rev:1;) alert tcp $HOME_NET any -> [152.101.41.39] 12923 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.101.41.39/; sid:901041760; rev:1;) alert tcp $HOME_NET any -> [229.22.20.169] 46680 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.22.20.169/; sid:901041759; rev:1;) alert tcp $HOME_NET any -> [8.93.139.226] 139 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.93.139.226/; sid:901041758; rev:1;) alert tcp $HOME_NET any -> [3.66.0.71] 15327 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/3.66.0.71/; sid:901041757; rev:1;) alert tcp $HOME_NET any -> [57.100.131.12] 252 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.100.131.12/; sid:901041756; rev:1;) alert tcp $HOME_NET any -> [139.2.225.193] 20606 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.2.225.193/; sid:901041755; rev:1;) alert tcp $HOME_NET any -> [125.209.59.87] 36135 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.209.59.87/; sid:901041754; rev:1;) alert tcp $HOME_NET any -> [153.124.13.139] 71 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/153.124.13.139/; sid:901041753; rev:1;) alert tcp $HOME_NET any -> [21.139.0.0] 39288 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.139.0.0/; sid:901041752; rev:1;) alert tcp $HOME_NET any -> [8.249.131.4] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.249.131.4/; sid:901041751; rev:1;) alert tcp $HOME_NET any -> [137.12.77.139] 21582 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.12.77.139/; sid:901041750; rev:1;) alert tcp $HOME_NET any -> [78.139.0.0] 35156 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.139.0.0/; sid:901041749; rev:1;) alert tcp $HOME_NET any -> [1.251.131.0] 33807 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.251.131.0/; sid:901041748; rev:1;) alert tcp $HOME_NET any -> [88.1.106.0] 63977 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.1.106.0/; sid:901041747; rev:1;) alert tcp $HOME_NET any -> [117.5.251.131] 33548 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.5.251.131/; sid:901041746; rev:1;) alert tcp $HOME_NET any -> [132.15.8.93] 257 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.15.8.93/; sid:901041745; rev:1;) alert tcp $HOME_NET any -> [88.139.0.0] 34056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.139.0.0/; sid:901041744; rev:1;) alert tcp $HOME_NET any -> [89.192.133.89] 33807 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.192.133.89/; sid:901041743; rev:1;) alert tcp $HOME_NET any -> [232.8.117.255] 294 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.8.117.255/; sid:901041742; rev:1;) alert tcp $HOME_NET any -> [139.255.255.236] 65520 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.255.236/; sid:901041741; rev:1;) alert tcp $HOME_NET any -> [81.236.139.85] 22099 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.236.139.85/; sid:901041740; rev:1;) alert tcp $HOME_NET any -> [106.2.235.240] 22767 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.2.235.240/; sid:901041739; rev:1;) alert tcp $HOME_NET any -> [106.10.235.241] 60402 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.10.235.241/; sid:901041738; rev:1;) alert tcp $HOME_NET any -> [106.18.235.243] 60406 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.18.235.243/; sid:901041737; rev:1;) alert tcp $HOME_NET any -> [106.26.235.245] 60404 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.26.235.245/; sid:901041736; rev:1;) alert tcp $HOME_NET any -> [106.34.235.251] 60407 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.34.235.251/; sid:901041735; rev:1;) alert tcp $HOME_NET any -> [106.42.235.248] 60409 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.42.235.248/; sid:901041734; rev:1;) alert tcp $HOME_NET any -> [106.50.235.252] 60410 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.50.235.252/; sid:901041733; rev:1;) alert tcp $HOME_NET any -> [106.195.201.91] 60414 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.195.201.91/; sid:901041732; rev:1;) alert tcp $HOME_NET any -> [236.84.5.59] 71 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/236.84.5.59/; sid:901041731; rev:1;) alert tcp $HOME_NET any -> [69.139.224.69] 35296 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.139.224.69/; sid:901041730; rev:1;) alert tcp $HOME_NET any -> [195.200.70.190] 65422 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.200.70.190/; sid:901041729; rev:1;) alert tcp $HOME_NET any -> [33.172.87.72] 21403 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/33.172.87.72/; sid:901041728; rev:1;) alert tcp $HOME_NET any -> [216.142.137.159] 63977 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.142.137.159/; sid:901041727; rev:1;) alert tcp $HOME_NET any -> [60.205.210.66] 21176 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.205.210.66/; sid:901041726; rev:1;) alert tcp $HOME_NET any -> [194.105.101.104] 32429 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.105.101.104/; sid:901041725; rev:1;) alert tcp $HOME_NET any -> [214.187.224.223] 35949 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/214.187.224.223/; sid:901041724; rev:1;) alert tcp $HOME_NET any -> [222.219.229.91] 18038 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.219.229.91/; sid:901041723; rev:1;) alert tcp $HOME_NET any -> [148.255.228.51] 45339 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.255.228.51/; sid:901041722; rev:1;) alert tcp $HOME_NET any -> [15.192.80.14] 60140 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.192.80.14/; sid:901041721; rev:1;) alert tcp $HOME_NET any -> [149.129.95.3] 27685 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.129.95.3/; sid:901041720; rev:1;) alert tcp $HOME_NET any -> [60.141.7.15] 55083 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.141.7.15/; sid:901041719; rev:1;) alert tcp $HOME_NET any -> [144.111.71.71] 56807 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.111.71.71/; sid:901041718; rev:1;) alert tcp $HOME_NET any -> [131.39.116.189] 58281 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.39.116.189/; sid:901041717; rev:1;) alert tcp $HOME_NET any -> [51.98.55.178] 9498 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.98.55.178/; sid:901041716; rev:1;) alert tcp $HOME_NET any -> [100.132.182.44] 50463 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/100.132.182.44/; sid:901041715; rev:1;) alert tcp $HOME_NET any -> [228.89.214.107] 23296 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/228.89.214.107/; sid:901041714; rev:1;) alert tcp $HOME_NET any -> [238.25.11.80] 20371 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/238.25.11.80/; sid:901041713; rev:1;) alert tcp $HOME_NET any -> [182.15.150.214] 61183 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.15.150.214/; sid:901041712; rev:1;) alert tcp $HOME_NET any -> [101.98.47.57] 5310 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.98.47.57/; sid:901041711; rev:1;) alert tcp $HOME_NET any -> [176.69.24.192] 35046 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.69.24.192/; sid:901041710; rev:1;) alert tcp $HOME_NET any -> [221.22.194.209] 36086 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.22.194.209/; sid:901041709; rev:1;) alert tcp $HOME_NET any -> [230.85.101.86] 44334 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/230.85.101.86/; sid:901041708; rev:1;) alert tcp $HOME_NET any -> [65.249.98.18] 35602 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.249.98.18/; sid:901041707; rev:1;) alert tcp $HOME_NET any -> [23.208.29.250] 15326 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.208.29.250/; sid:901041706; rev:1;) alert tcp $HOME_NET any -> [36.124.63.196] 35822 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.124.63.196/; sid:901041705; rev:1;) alert tcp $HOME_NET any -> [9.56.75.14] 42293 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.56.75.14/; sid:901041704; rev:1;) alert tcp $HOME_NET any -> [174.75.14.255] 35628 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.75.14.255/; sid:901041703; rev:1;) alert tcp $HOME_NET any -> [102.184.135.228] 46518 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.184.135.228/; sid:901041702; rev:1;) alert tcp $HOME_NET any -> [175.75.199.186] 34730 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.75.199.186/; sid:901041701; rev:1;) alert tcp $HOME_NET any -> [37.228.117.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.50/; sid:900622350; rev:1;) alert tcp $HOME_NET any -> [45.132.18.72] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.132.18.72/; sid:900622349; rev:1;) alert tcp $HOME_NET any -> [185.14.187.201] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.187.201/; sid:900622354; rev:1;) alert tcp $HOME_NET any -> [5.53.124.166] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.166/; sid:900622348; rev:1;) alert tcp $HOME_NET any -> [203.99.182.135] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.99.182.135/; sid:900622387; rev:1;) alert tcp $HOME_NET any -> [186.1.41.111] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.1.41.111/; sid:900622370; rev:1;) alert tcp $HOME_NET any -> [107.181.187.149] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.187.149/; sid:900622347; rev:1;) alert tcp $HOME_NET any -> [187.147.184.249] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.184.249/; sid:901041154; rev:1;) alert tcp $HOME_NET any -> [86.98.61.221] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.61.221/; sid:901041152; rev:1;) alert tcp $HOME_NET any -> [181.189.213.231] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.189.213.231/; sid:901041142; rev:1;) alert tcp $HOME_NET any -> [200.24.248.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.24.248.206/; sid:901041125; rev:1;) alert tcp $HOME_NET any -> [80.1.76.46] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.1.76.46/; sid:901040896; rev:1;) alert tcp $HOME_NET any -> [195.242.117.231] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.242.117.231/; sid:901040881; rev:1;) alert tcp $HOME_NET any -> [82.15.36.209] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.15.36.209/; sid:901040870; rev:1;) alert tcp $HOME_NET any -> [81.109.227.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.109.227.123/; sid:901040869; rev:1;) alert tcp $HOME_NET any -> [46.32.228.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.32.228.206/; sid:901040763; rev:1;) alert tcp $HOME_NET any -> [181.228.60.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.60.191/; sid:901040762; rev:1;) alert tcp $HOME_NET any -> [5.153.252.228] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.153.252.228/; sid:901040754; rev:1;) alert tcp $HOME_NET any -> [104.236.151.95] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.151.95/; sid:901040751; rev:1;) alert tcp $HOME_NET any -> [186.121.248.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.121.248.153/; sid:901040741; rev:1;) alert tcp $HOME_NET any -> [2.116.194.59] 2303 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.116.194.59/; sid:901039492; rev:1;) alert tcp $HOME_NET any -> [8.255.2.116] 16779 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/8.255.2.116/; sid:901039491; rev:1;) alert tcp $HOME_NET any -> [139.8.255.2] 13377 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.8.255.2/; sid:901039490; rev:1;) alert tcp $HOME_NET any -> [210.51.0.0] 51771 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.51.0.0/; sid:901039489; rev:1;) alert tcp $HOME_NET any -> [57.219.51.83] 35869 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.219.51.83/; sid:901039360; rev:1;) alert tcp $HOME_NET any -> [139.85.204.255] 33772 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.85.204.255/; sid:901039359; rev:1;) alert tcp $HOME_NET any -> [3.106.89.89] 55272 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/3.106.89.89/; sid:901039358; rev:1;) alert tcp $HOME_NET any -> [232.22.106.255] 6426 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.22.106.255/; sid:901039357; rev:1;) alert tcp $HOME_NET any -> [21.255.70.246] 33260 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.255.70.246/; sid:901039356; rev:1;) alert tcp $HOME_NET any -> [2.116.192.133] 63027 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.116.192.133/; sid:901039355; rev:1;) alert tcp $HOME_NET any -> [21.255.70.12] 33276 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.255.70.12/; sid:901039354; rev:1;) alert tcp $HOME_NET any -> [51.12.36.116] 65526 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.12.36.116/; sid:901039353; rev:1;) alert tcp $HOME_NET any -> [198.139.246.51] 50014 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.139.246.51/; sid:901039352; rev:1;) alert tcp $HOME_NET any -> [36.116.255.246] 17932 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.116.255.246/; sid:901039351; rev:1;) alert tcp $HOME_NET any -> [131.96.21.255] 68 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.96.21.255/; sid:901039350; rev:1;) alert tcp $HOME_NET any -> [192.0.0.23] 2165 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.0.0.23/; sid:901039349; rev:1;) alert tcp $HOME_NET any -> [101.139.195.64] 33256 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.139.195.64/; sid:901039348; rev:1;) alert tcp $HOME_NET any -> [137.0.139.0] 58437 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.0.139.0/; sid:901039347; rev:1;) alert tcp $HOME_NET any -> [36.235.224.69] 17803 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.235.224.69/; sid:901039346; rev:1;) alert tcp $HOME_NET any -> [117.255.12.117] 65288 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.255.12.117/; sid:901039345; rev:1;) alert tcp $HOME_NET any -> [131.0.70.38] 64613 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.0.70.38/; sid:901039344; rev:1;) alert tcp $HOME_NET any -> [3.95.184.10] 65 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/3.95.184.10/; sid:901039343; rev:1;) alert tcp $HOME_NET any -> [70.38.136.163] 34048 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.38.136.163/; sid:901039342; rev:1;) alert tcp $HOME_NET any -> [21.255.80.0] 33624 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.255.80.0/; sid:901039341; rev:1;) alert tcp $HOME_NET any -> [21.116.192.133] 56424 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.116.192.133/; sid:901039340; rev:1;) alert tcp $HOME_NET any -> [21.255.0.68] 33620 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/21.255.0.68/; sid:901039339; rev:1;) alert tcp $HOME_NET any -> [116.1.0.70] 26660 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.1.0.70/; sid:901039338; rev:1;) alert tcp $HOME_NET any -> [55.117.192.133] 15747 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/55.117.192.133/; sid:901039337; rev:1;) alert tcp $HOME_NET any -> [161.255.255.114] 9864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.255.255.114/; sid:901039336; rev:1;) alert tcp $HOME_NET any -> [24.8.104.16] 69 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.8.104.16/; sid:901039335; rev:1;) alert tcp $HOME_NET any -> [199.1.83.141] 63557 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.1.83.141/; sid:901038982; rev:1;) alert tcp $HOME_NET any -> [16.77.255.5] 904 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.77.255.5/; sid:901038981; rev:1;) alert tcp $HOME_NET any -> [139.28.116.10] 35335 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.28.116.10/; sid:901038980; rev:1;) alert tcp $HOME_NET any -> [116.72.193.246] 32802 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/116.72.193.246/; sid:901038979; rev:1;) alert tcp $HOME_NET any -> [133.15.2.193] 400 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.15.2.193/; sid:901038978; rev:1;) alert tcp $HOME_NET any -> [198.3.2.230] 18570 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.3.2.230/; sid:901038977; rev:1;) alert tcp $HOME_NET any -> [70.55.160.141] 35584 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.55.160.141/; sid:901038976; rev:1;) alert tcp $HOME_NET any -> [141.5.249.193] 49204 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.5.249.193/; sid:901038975; rev:1;) alert tcp $HOME_NET any -> [139.8.69.139] 2112 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.8.69.139/; sid:901047313; rev:1;) alert tcp $HOME_NET any -> [132.15.211.139] 440 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.15.211.139/; sid:901038973; rev:1;) alert tcp $HOME_NET any -> [139.83.0.16] 3165 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.83.0.16/; sid:901038972; rev:1;) alert tcp $HOME_NET any -> [101.131.12.236] 248 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.131.12.236/; sid:901038971; rev:1;) alert tcp $HOME_NET any -> [195.201.91.94] 35669 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.201.91.94/; sid:901038970; rev:1;) alert tcp $HOME_NET any -> [184.12.70.137] 65535 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.12.70.137/; sid:901038969; rev:1;) alert tcp $HOME_NET any -> [235.0.0.255] 33547 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.0.0.255/; sid:901038968; rev:1;) alert tcp $HOME_NET any -> [15.235.32.12] 50059 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.235.32.12/; sid:901038967; rev:1;) alert tcp $HOME_NET any -> [95.12.125.57] 1652 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.12.125.57/; sid:901038966; rev:1;) alert tcp $HOME_NET any -> [196.131.255.255] 23320 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.131.255.255/; sid:901051041; rev:1;) alert tcp $HOME_NET any -> [93.137.102.81] 59404 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.137.102.81/; sid:901038964; rev:1;) alert tcp $HOME_NET any -> [87.95.2.106] 17805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.95.2.106/; sid:901038963; rev:1;) alert tcp $HOME_NET any -> [235.24.137.102] 35611 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.24.137.102/; sid:901038962; rev:1;) alert tcp $HOME_NET any -> [70.139.12.196] 35592 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.139.12.196/; sid:901038961; rev:1;) alert tcp $HOME_NET any -> [109.232.81.83] 65507 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.232.81.83/; sid:901038960; rev:1;) alert tcp $HOME_NET any -> [32.4.64.246] 3188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.4.64.246/; sid:901038959; rev:1;) alert tcp $HOME_NET any -> [184.5.235.130] 63200 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.5.235.130/; sid:901038958; rev:1;) alert tcp $HOME_NET any -> [141.31.224.131] 49156 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.31.224.131/; sid:901038957; rev:1;) alert tcp $HOME_NET any -> [55.160.149.20] 70 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/55.160.149.20/; sid:901038956; rev:1;) alert tcp $HOME_NET any -> [209.139.25.116] 64193 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/209.139.25.116/; sid:901038955; rev:1;) alert tcp $HOME_NET any -> [235.12.69.137] 33586 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/235.12.69.137/; sid:901038954; rev:1;) alert tcp $HOME_NET any -> [232.81.80.87] 58909 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.81.80.87/; sid:901038953; rev:1;) alert tcp $HOME_NET any -> [137.251.59.74] 1110 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.251.59.74/; sid:901038952; rev:1;) alert tcp $HOME_NET any -> [86.139.22.137] 11032 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.139.22.137/; sid:901038951; rev:1;) alert tcp $HOME_NET any -> [181.231.62.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.231.62.54/; sid:900622680; rev:1;) alert tcp $HOME_NET any -> [201.183.247.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.183.247.58/; sid:900622413; rev:1;) alert tcp $HOME_NET any -> [181.31.213.158] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.213.158/; sid:900622353; rev:1;) alert tcp $HOME_NET any -> [185.68.93.20] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.68.93.20/; sid:900622344; rev:1;) alert tcp $HOME_NET any -> [37.18.30.111] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.111/; sid:900622341; rev:1;) alert tcp $HOME_NET any -> [172.245.205.211] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.205.211/; sid:900622340; rev:1;) alert tcp $HOME_NET any -> [192.227.232.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.41/; sid:900622339; rev:1;) alert tcp $HOME_NET any -> [185.14.31.40] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.14.31.40/; sid:900622337; rev:1;) alert tcp $HOME_NET any -> [66.85.156.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.156.68/; sid:900622336; rev:1;) alert tcp $HOME_NET any -> [185.251.39.114] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.114/; sid:900622335; rev:1;) alert tcp $HOME_NET any -> [107.172.249.205] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.249.205/; sid:900622333; rev:1;) alert tcp $HOME_NET any -> [181.55.171.237] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.55.171.237/; sid:901013952; rev:1;) alert tcp $HOME_NET any -> [38.131.14.154] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.131.14.154/; sid:901013397; rev:1;) alert tcp $HOME_NET any -> [178.152.64.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.64.225/; sid:901013386; rev:1;) alert tcp $HOME_NET any -> [89.211.201.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.201.179/; sid:901013384; rev:1;) alert tcp $HOME_NET any -> [190.228.72.244] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.228.72.244/; sid:900622327; rev:1;) alert tcp $HOME_NET any -> [45.79.188.67] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.188.67/; sid:900622325; rev:1;) alert tcp $HOME_NET any -> [162.241.232.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.232.82/; sid:900622330; rev:1;) alert tcp $HOME_NET any -> [124.240.198.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.240.198.66/; sid:900622326; rev:1;) alert tcp $HOME_NET any -> [37.211.85.139] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.85.139/; sid:901012935; rev:1;) alert tcp $HOME_NET any -> [91.205.215.10] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.10/; sid:901012925; rev:1;) alert tcp $HOME_NET any -> [46.101.142.115] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.142.115/; sid:901012922; rev:1;) alert tcp $HOME_NET any -> [198.58.114.91] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.58.114.91/; sid:901012917; rev:1;) alert tcp $HOME_NET any -> [186.144.64.31] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.144.64.31/; sid:901012916; rev:1;) alert tcp $HOME_NET any -> [142.4.198.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.4.198.249/; sid:901012906; rev:1;) alert tcp $HOME_NET any -> [186.23.146.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.23.146.42/; sid:901012889; rev:1;) alert tcp $HOME_NET any -> [190.246.146.101] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.246.146.101/; sid:901012883; rev:1;) alert tcp $HOME_NET any -> [181.171.118.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.171.118.19/; sid:901012879; rev:1;) alert tcp $HOME_NET any -> [104.236.217.164] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.217.164/; sid:901012875; rev:1;) alert tcp $HOME_NET any -> [181.231.72.200] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.231.72.200/; sid:901012873; rev:1;) alert tcp $HOME_NET any -> [187.162.62.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.162.62.135/; sid:901012872; rev:1;) alert tcp $HOME_NET any -> [23.227.206.136] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.227.206.136/; sid:900622324; rev:1;) alert tcp $HOME_NET any -> [81.177.136.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.107/; sid:900622322; rev:1;) alert tcp $HOME_NET any -> [185.142.99.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.41/; sid:900622323; rev:1;) alert tcp $HOME_NET any -> [115.88.70.226] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.88.70.226/; sid:900622329; rev:1;) alert tcp $HOME_NET any -> [162.247.155.102] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.102/; sid:900622321; rev:1;) alert tcp $HOME_NET any -> [94.156.189.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.189.106/; sid:900622317; rev:1;) alert tcp $HOME_NET any -> [185.98.87.218] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.218/; sid:900622318; rev:1;) alert tcp $HOME_NET any -> [93.189.46.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.46.110/; sid:900622320; rev:1;) alert tcp $HOME_NET any -> [107.181.187.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.187.60/; sid:900622319; rev:1;) alert tcp $HOME_NET any -> [197.211.244.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.211.244.6/; sid:900622332; rev:1;) alert tcp $HOME_NET any -> [181.28.248.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.28.248.205/; sid:901012676; rev:1;) alert tcp $HOME_NET any -> [201.251.229.37] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.251.229.37/; sid:901012671; rev:1;) alert tcp $HOME_NET any -> [81.140.12.131] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.140.12.131/; sid:901012669; rev:1;) alert tcp $HOME_NET any -> [190.102.226.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.102.226.91/; sid:900622999; rev:1;) alert tcp $HOME_NET any -> [187.149.41.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.41.205/; sid:901012659; rev:1;) alert tcp $HOME_NET any -> [190.193.131.141] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.131.141/; sid:901012657; rev:1;) alert tcp $HOME_NET any -> [181.134.105.191] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.134.105.191/; sid:901012656; rev:1;) alert tcp $HOME_NET any -> [45.55.83.204] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.83.204/; sid:901012651; rev:1;) alert tcp $HOME_NET any -> [190.189.112.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.189.112.116/; sid:901012650; rev:1;) alert tcp $HOME_NET any -> [138.219.214.164] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.219.214.164/; sid:901012649; rev:1;) alert tcp $HOME_NET any -> [185.187.198.10] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.187.198.10/; sid:900622313; rev:1;) alert tcp $HOME_NET any -> [201.214.74.71] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.214.74.71/; sid:901010500; rev:1;) alert tcp $HOME_NET any -> [110.36.234.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.234.146/; sid:900622359; rev:1;) alert tcp $HOME_NET any -> [212.129.24.82] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.129.24.82/; sid:900622310; rev:1;) alert tcp $HOME_NET any -> [190.158.19.141] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.158.19.141/; sid:900622334; rev:1;) alert tcp $HOME_NET any -> [139.5.237.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.5.237.27/; sid:900622312; rev:1;) alert tcp $HOME_NET any -> [80.240.141.141] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.240.141.141/; sid:900622314; rev:1;) alert tcp $HOME_NET any -> [105.186.87.144] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.186.87.144/; sid:900622311; rev:1;) alert tcp $HOME_NET any -> [181.165.150.211] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.165.150.211/; sid:901009951; rev:1;) alert tcp $HOME_NET any -> [181.1.37.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.1.37.38/; sid:901009934; rev:1;) alert tcp $HOME_NET any -> [186.93.167.147] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.93.167.147/; sid:901009925; rev:1;) alert tcp $HOME_NET any -> [190.108.228.48] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.228.48/; sid:900622343; rev:1;) alert tcp $HOME_NET any -> [212.71.237.140] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.71.237.140/; sid:901009691; rev:1;) alert tcp $HOME_NET any -> [181.167.53.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.167.53.209/; sid:900622308; rev:1;) alert tcp $HOME_NET any -> [181.99.235.57] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.99.235.57/; sid:901009667; rev:1;) alert tcp $HOME_NET any -> [119.159.150.176] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.159.150.176/; sid:900622328; rev:1;) alert tcp $HOME_NET any -> [184.69.214.94] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.69.214.94/; sid:900622342; rev:1;) alert tcp $HOME_NET any -> [162.144.47.94] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.47.94/; sid:900622309; rev:1;) alert tcp $HOME_NET any -> [186.0.95.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.0.95.172/; sid:900622307; rev:1;) alert tcp $HOME_NET any -> [187.199.158.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.199.158.226/; sid:900622306; rev:1;) alert tcp $HOME_NET any -> [186.29.155.101] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.29.155.101/; sid:901009493; rev:1;) alert tcp $HOME_NET any -> [152.170.220.95] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.170.220.95/; sid:901009490; rev:1;) alert tcp $HOME_NET any -> [186.10.16.244] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.16.244/; sid:900622303; rev:1;) alert tcp $HOME_NET any -> [162.214.27.219] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.214.27.219/; sid:900622297; rev:1;) alert tcp $HOME_NET any -> [194.50.163.106] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.50.163.106/; sid:900622299; rev:1;) alert tcp $HOME_NET any -> [66.85.156.66] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.85.156.66/; sid:900622302; rev:1;) alert tcp $HOME_NET any -> [66.55.71.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.11/; sid:900622301; rev:1;) alert tcp $HOME_NET any -> [192.227.232.22] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.22/; sid:900622295; rev:1;) alert tcp $HOME_NET any -> [45.148.10.48] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.148.10.48/; sid:900622296; rev:1;) alert tcp $HOME_NET any -> [195.123.220.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.220.86/; sid:900622292; rev:1;) alert tcp $HOME_NET any -> [45.14.49.77] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.14.49.77/; sid:900622293; rev:1;) alert tcp $HOME_NET any -> [107.172.143.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.91/; sid:900622305; rev:1;) alert tcp $HOME_NET any -> [148.240.52.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.240.52.172/; sid:900622304; rev:1;) alert tcp $HOME_NET any -> [194.5.250.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.84/; sid:900622294; rev:1;) alert tcp $HOME_NET any -> [181.123.0.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.123.0.125/; sid:900622355; rev:1;) alert tcp $HOME_NET any -> [186.117.174.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.117.174.26/; sid:900622298; rev:1;) alert tcp $HOME_NET any -> [64.44.51.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.88/; sid:900622300; rev:1;) alert tcp $HOME_NET any -> [190.96.118.15] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.118.15/; sid:900622506; rev:1;) alert tcp $HOME_NET any -> [46.28.111.142] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.28.111.142/; sid:901009178; rev:1;) alert tcp $HOME_NET any -> [77.237.248.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.237.248.136/; sid:900622291; rev:1;) alert tcp $HOME_NET any -> [37.228.117.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.247/; sid:900622290; rev:1;) alert tcp $HOME_NET any -> [5.53.125.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.125.13/; sid:900622289; rev:1;) alert tcp $HOME_NET any -> [188.225.57.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.225.57.125/; sid:900622288; rev:1;) alert tcp $HOME_NET any -> [185.90.61.116] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.116/; sid:900622287; rev:1;) alert tcp $HOME_NET any -> [185.65.202.193] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.193/; sid:900622286; rev:1;) alert tcp $HOME_NET any -> [212.22.75.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.132/; sid:900622281; rev:1;) alert tcp $HOME_NET any -> [139.60.163.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.50/; sid:900622282; rev:1;) alert tcp $HOME_NET any -> [5.196.74.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.74.210/; sid:901009006; rev:1;) alert tcp $HOME_NET any -> [185.142.236.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.236.163/; sid:900622278; rev:1;) alert tcp $HOME_NET any -> [101.187.237.217] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.187.237.217/; sid:900622280; rev:1;) alert tcp $HOME_NET any -> [180.183.112.185] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.183.112.185/; sid:900622279; rev:1;) alert tcp $HOME_NET any -> [46.41.134.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.134.46/; sid:900622285; rev:1;) alert tcp $HOME_NET any -> [185.250.204.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.250.204.126/; sid:900622277; rev:1;) alert tcp $HOME_NET any -> [64.44.133.34] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.133.34/; sid:900622275; rev:1;) alert tcp $HOME_NET any -> [92.63.102.212] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.102.212/; sid:900622274; rev:1;) alert tcp $HOME_NET any -> [37.228.117.65] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.65/; sid:900622276; rev:1;) alert tcp $HOME_NET any -> [145.239.188.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.95/; sid:900622271; rev:1;) alert tcp $HOME_NET any -> [195.123.238.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.36/; sid:900622272; rev:1;) alert tcp $HOME_NET any -> [138.185.25.228] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.185.25.228/; sid:900622269; rev:1;) alert tcp $HOME_NET any -> [170.233.120.53] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.233.120.53/; sid:900622267; rev:1;) alert tcp $HOME_NET any -> [190.152.4.98] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.4.98/; sid:900622266; rev:1;) alert tcp $HOME_NET any -> [170.84.78.117] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.84.78.117/; sid:900622268; rev:1;) alert tcp $HOME_NET any -> [91.207.185.73] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.207.185.73/; sid:900622265; rev:1;) alert tcp $HOME_NET any -> [143.95.101.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/143.95.101.72/; sid:901007850; rev:1;) alert tcp $HOME_NET any -> [113.52.135.33] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.52.135.33/; sid:901007845; rev:1;) alert tcp $HOME_NET any -> [5.189.148.98] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.148.98/; sid:901007836; rev:1;) alert tcp $HOME_NET any -> [133.130.73.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.130.73.156/; sid:900622262; rev:1;) alert tcp $HOME_NET any -> [178.170.189.239] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.239/; sid:900622261; rev:1;) alert tcp $HOME_NET any -> [91.92.128.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.128.237/; sid:900622260; rev:1;) alert tcp $HOME_NET any -> [62.75.171.248] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.171.248/; sid:900622263; rev:1;) alert tcp $HOME_NET any -> [62.75.160.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.160.178/; sid:901007734; rev:1;) alert tcp $HOME_NET any -> [87.106.77.40] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.77.40/; sid:901007733; rev:1;) alert tcp $HOME_NET any -> [217.199.160.224] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.199.160.224/; sid:900622258; rev:1;) alert tcp $HOME_NET any -> [185.222.202.222] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.222/; sid:900622259; rev:1;) alert tcp $HOME_NET any -> [178.249.187.151] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.249.187.151/; sid:900622257; rev:1;) alert tcp $HOME_NET any -> [192.241.250.202] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.250.202/; sid:900622256; rev:1;) alert tcp $HOME_NET any -> [51.68.247.62] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.247.62/; sid:900622254; rev:1;) alert tcp $HOME_NET any -> [23.95.214.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.214.138/; sid:900622252; rev:1;) alert tcp $HOME_NET any -> [37.44.212.216] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.216/; sid:900622251; rev:1;) alert tcp $HOME_NET any -> [93.189.42.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.21/; sid:900622253; rev:1;) alert tcp $HOME_NET any -> [47.41.213.2] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.41.213.2/; sid:901007319; rev:1;) alert tcp $HOME_NET any -> [181.164.8.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.8.25/; sid:900622273; rev:1;) alert tcp $HOME_NET any -> [190.211.254.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.211.254.14/; sid:900622249; rev:1;) alert tcp $HOME_NET any -> [181.113.229.139] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.229.139/; sid:900622244; rev:1;) alert tcp $HOME_NET any -> [95.178.241.254] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.178.241.254/; sid:900622248; rev:1;) alert tcp $HOME_NET any -> [189.189.214.1] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.214.1/; sid:900622245; rev:1;) alert tcp $HOME_NET any -> [189.245.216.217] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.245.216.217/; sid:900622246; rev:1;) alert tcp $HOME_NET any -> [190.79.251.99] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.79.251.99/; sid:900622247; rev:1;) alert tcp $HOME_NET any -> [190.221.50.210] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.221.50.210/; sid:900622283; rev:1;) alert tcp $HOME_NET any -> [190.104.253.234] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.253.234/; sid:900622240; rev:1;) alert tcp $HOME_NET any -> [46.163.144.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.163.144.228/; sid:900622264; rev:1;) alert tcp $HOME_NET any -> [62.75.150.240] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.150.240/; sid:900622243; rev:1;) alert tcp $HOME_NET any -> [152.46.8.148] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.46.8.148/; sid:900622239; rev:1;) alert tcp $HOME_NET any -> [201.184.65.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.184.65.229/; sid:900622241; rev:1;) alert tcp $HOME_NET any -> [190.38.14.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.38.14.52/; sid:901007242; rev:1;) alert tcp $HOME_NET any -> [189.129.231.76] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.231.76/; sid:900622238; rev:1;) alert tcp $HOME_NET any -> [211.229.116.97] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.229.116.97/; sid:900622242; rev:1;) alert tcp $HOME_NET any -> [194.5.250.82] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.82/; sid:900622236; rev:1;) alert tcp $HOME_NET any -> [91.132.139.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.132.139.170/; sid:900622235; rev:1;) alert tcp $HOME_NET any -> [46.30.41.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.229/; sid:900622234; rev:1;) alert tcp $HOME_NET any -> [45.8.126.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.126.5/; sid:900622233; rev:1;) alert tcp $HOME_NET any -> [190.201.164.223] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.201.164.223/; sid:901007170; rev:1;) alert tcp $HOME_NET any -> [63.142.253.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.142.253.122/; sid:900622232; rev:1;) alert tcp $HOME_NET any -> [212.80.217.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.164/; sid:900622230; rev:1;) alert tcp $HOME_NET any -> [158.69.130.55] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.130.55/; sid:900622231; rev:1;) alert tcp $HOME_NET any -> [92.63.102.210] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.102.210/; sid:900622228; rev:1;) alert tcp $HOME_NET any -> [186.42.98.254] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.98.254/; sid:900622227; rev:1;) alert tcp $HOME_NET any -> [185.70.182.162] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.70.182.162/; sid:900622225; rev:1;) alert tcp $HOME_NET any -> [186.42.185.10] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.185.10/; sid:900622224; rev:1;) alert tcp $HOME_NET any -> [45.161.33.88] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.161.33.88/; sid:900622223; rev:1;) alert tcp $HOME_NET any -> [51.15.8.192] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.15.8.192/; sid:901006898; rev:1;) alert tcp $HOME_NET any -> [189.187.141.15] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.187.141.15/; sid:900622222; rev:1;) alert tcp $HOME_NET any -> [50.28.51.143] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.28.51.143/; sid:901006896; rev:1;) alert tcp $HOME_NET any -> [187.149.84.80] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.149.84.80/; sid:900622221; rev:1;) alert tcp $HOME_NET any -> [189.166.68.89] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.68.89/; sid:900622220; rev:1;) alert tcp $HOME_NET any -> [114.79.134.129] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.134.129/; sid:900622219; rev:1;) alert tcp $HOME_NET any -> [187.144.189.58] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.189.58/; sid:900622216; rev:1;) alert tcp $HOME_NET any -> [187.147.50.167] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.147.50.167/; sid:900622217; rev:1;) alert tcp $HOME_NET any -> [181.49.61.237] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.49.61.237/; sid:900622215; rev:1;) alert tcp $HOME_NET any -> [37.228.117.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.146/; sid:900622214; rev:1;) alert tcp $HOME_NET any -> [148.251.185.189] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.185.189/; sid:900622213; rev:1;) alert tcp $HOME_NET any -> [203.23.128.168] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.23.128.168/; sid:900622212; rev:1;) alert tcp $HOME_NET any -> [51.254.69.244] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.244/; sid:900622211; rev:1;) alert tcp $HOME_NET any -> [213.183.60.30] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.183.60.30/; sid:900622210; rev:1;) alert tcp $HOME_NET any -> [79.124.49.215] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.215/; sid:900622209; rev:1;) alert tcp $HOME_NET any -> [107.155.137.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.8/; sid:900622207; rev:1;) alert tcp $HOME_NET any -> [195.123.221.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.104/; sid:900622205; rev:1;) alert tcp $HOME_NET any -> [93.189.149.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.149.238/; sid:900622206; rev:1;) alert tcp $HOME_NET any -> [31.184.253.37] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.253.37/; sid:900622203; rev:1;) alert tcp $HOME_NET any -> [107.173.160.29] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.160.29/; sid:900622204; rev:1;) alert tcp $HOME_NET any -> [108.170.40.39] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.40.39/; sid:900622201; rev:1;) alert tcp $HOME_NET any -> [107.172.143.248] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.248/; sid:900622202; rev:1;) alert tcp $HOME_NET any -> [109.169.86.13] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.169.86.13/; sid:901005130; rev:1;) alert tcp $HOME_NET any -> [46.41.151.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.41.151.103/; sid:901005123; rev:1;) alert tcp $HOME_NET any -> [23.92.22.225] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.92.22.225/; sid:901005119; rev:1;) alert tcp $HOME_NET any -> [104.236.243.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.243.129/; sid:900622199; rev:1;) alert tcp $HOME_NET any -> [189.244.245.238] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.244.245.238/; sid:901005102; rev:1;) alert tcp $HOME_NET any -> [207.180.208.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.180.208.175/; sid:900622200; rev:1;) alert tcp $HOME_NET any -> [78.140.223.73] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.140.223.73/; sid:900622198; rev:1;) alert tcp $HOME_NET any -> [185.117.119.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.131/; sid:900622197; rev:1;) alert tcp $HOME_NET any -> [138.197.140.163] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.197.140.163/; sid:901004554; rev:1;) alert tcp $HOME_NET any -> [108.179.216.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.179.216.46/; sid:900622346; rev:1;) alert tcp $HOME_NET any -> [83.169.33.157] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.169.33.157/; sid:901004548; rev:1;) alert tcp $HOME_NET any -> [46.32.229.152] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.32.229.152/; sid:901004546; rev:1;) alert tcp $HOME_NET any -> [178.249.187.150] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.249.187.150/; sid:901004542; rev:1;) alert tcp $HOME_NET any -> [216.70.88.55] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.70.88.55/; sid:901004541; rev:1;) alert tcp $HOME_NET any -> [192.163.221.191] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.163.221.191/; sid:901763294; rev:1;) alert tcp $HOME_NET any -> [190.146.81.138] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.81.138/; sid:901004531; rev:1;) alert tcp $HOME_NET any -> [152.168.220.188] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.220.188/; sid:901004529; rev:1;) alert tcp $HOME_NET any -> [189.129.4.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.129.4.186/; sid:900622208; rev:1;) alert tcp $HOME_NET any -> [5.53.124.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.55/; sid:900622194; rev:1;) alert tcp $HOME_NET any -> [45.33.1.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.1.161/; sid:900622195; rev:1;) alert tcp $HOME_NET any -> [83.110.75.153] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.75.153/; sid:900622237; rev:1;) alert tcp $HOME_NET any -> [78.109.34.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.109.34.178/; sid:900622250; rev:1;) alert tcp $HOME_NET any -> [5.196.35.138] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.35.138/; sid:901004461; rev:1;) alert tcp $HOME_NET any -> [77.55.211.77] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.55.211.77/; sid:901004453; rev:1;) alert tcp $HOME_NET any -> [198.199.106.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.106.229/; sid:900622191; rev:1;) alert tcp $HOME_NET any -> [190.200.64.180] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.200.64.180/; sid:900622190; rev:1;) alert tcp $HOME_NET any -> [181.81.143.108] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.81.143.108/; sid:901004433; rev:1;) alert tcp $HOME_NET any -> [190.18.146.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.146.70/; sid:900622218; rev:1;) alert tcp $HOME_NET any -> [195.123.221.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.221.178/; sid:900622193; rev:1;) alert tcp $HOME_NET any -> [217.160.182.191] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.160.182.191/; sid:901004300; rev:1;) alert tcp $HOME_NET any -> [178.254.6.27] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.254.6.27/; sid:900622182; rev:1;) alert tcp $HOME_NET any -> [59.152.93.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.152.93.46/; sid:900622183; rev:1;) alert tcp $HOME_NET any -> [185.79.242.204] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.79.242.204/; sid:900622180; rev:1;) alert tcp $HOME_NET any -> [195.93.223.100] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.93.223.100/; sid:900622179; rev:1;) alert tcp $HOME_NET any -> [108.170.40.34] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.170.40.34/; sid:900622177; rev:1;) alert tcp $HOME_NET any -> [92.38.171.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.36/; sid:900622176; rev:1;) alert tcp $HOME_NET any -> [94.177.253.126] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.177.253.126/; sid:900622468; rev:1;) alert tcp $HOME_NET any -> [104.193.252.142] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.193.252.142/; sid:900622178; rev:1;) alert tcp $HOME_NET any -> [185.222.202.62] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.62/; sid:900622175; rev:1;) alert tcp $HOME_NET any -> [62.210.142.58] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.210.142.58/; sid:900622184; rev:1;) alert tcp $HOME_NET any -> [83.29.180.97] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.29.180.97/; sid:901003074; rev:1;) alert tcp $HOME_NET any -> [187.155.233.46] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.155.233.46/; sid:900622174; rev:1;) alert tcp $HOME_NET any -> [194.5.250.79] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.79/; sid:900622172; rev:1;) alert tcp $HOME_NET any -> [178.252.26.235] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.252.26.235/; sid:900622171; rev:1;) alert tcp $HOME_NET any -> [66.55.71.15] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.15/; sid:900622170; rev:1;) alert tcp $HOME_NET any -> [201.113.23.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.113.23.175/; sid:900622188; rev:1;) alert tcp $HOME_NET any -> [200.82.147.93] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.147.93/; sid:900622189; rev:1;) alert tcp $HOME_NET any -> [190.104.64.197] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.64.197/; sid:900622186; rev:1;) alert tcp $HOME_NET any -> [198.199.88.162] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.199.88.162/; sid:900622167; rev:1;) alert tcp $HOME_NET any -> [190.226.44.20] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.226.44.20/; sid:900622692; rev:1;) alert tcp $HOME_NET any -> [86.98.25.30] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.25.30/; sid:900622168; rev:1;) alert tcp $HOME_NET any -> [201.250.11.236] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.250.11.236/; sid:900622169; rev:1;) alert tcp $HOME_NET any -> [179.12.170.88] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.12.170.88/; sid:900622166; rev:1;) alert tcp $HOME_NET any -> [179.24.118.93] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.24.118.93/; sid:901002616; rev:1;) alert tcp $HOME_NET any -> [190.55.86.138] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.86.138/; sid:901002615; rev:1;) alert tcp $HOME_NET any -> [190.92.103.7] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.103.7/; sid:901002613; rev:1;) alert tcp $HOME_NET any -> [186.4.194.153] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.4.194.153/; sid:901002509; rev:1;) alert tcp $HOME_NET any -> [185.94.252.13] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.13/; sid:900622481; rev:1;) alert tcp $HOME_NET any -> [103.97.95.218] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.97.95.218/; sid:901002498; rev:1;) alert tcp $HOME_NET any -> [92.222.216.44] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.222.216.44/; sid:901002496; rev:1;) alert tcp $HOME_NET any -> [176.31.200.130] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.200.130/; sid:900622605; rev:1;) alert tcp $HOME_NET any -> [181.230.126.152] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.230.126.152/; sid:900622165; rev:1;) alert tcp $HOME_NET any -> [37.228.117.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.182/; sid:900622163; rev:1;) alert tcp $HOME_NET any -> [159.65.25.128] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.25.128/; sid:901002001; rev:1;) alert tcp $HOME_NET any -> [104.236.246.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.246.93/; sid:901001994; rev:1;) alert tcp $HOME_NET any -> [37.157.194.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.157.194.134/; sid:901002000; rev:1;) alert tcp $HOME_NET any -> [142.44.162.209] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.162.209/; sid:900622157; rev:1;) alert tcp $HOME_NET any -> [92.222.125.16] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.222.125.16/; sid:900622158; rev:1;) alert tcp $HOME_NET any -> [87.230.19.21] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.230.19.21/; sid:901001805; rev:1;) alert tcp $HOME_NET any -> [37.208.39.59] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.208.39.59/; sid:901001783; rev:1;) alert tcp $HOME_NET any -> [125.99.61.162] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.61.162/; sid:900622315; rev:1;) alert tcp $HOME_NET any -> [77.122.183.203] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.122.183.203/; sid:901001737; rev:1;) alert tcp $HOME_NET any -> [178.170.189.52] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.52/; sid:900622160; rev:1;) alert tcp $HOME_NET any -> [139.60.163.36] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.36/; sid:900622154; rev:1;) alert tcp $HOME_NET any -> [79.124.49.210] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.210/; sid:900622153; rev:1;) alert tcp $HOME_NET any -> [107.155.137.4] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.4/; sid:900622161; rev:1;) alert tcp $HOME_NET any -> [148.251.27.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.251.27.94/; sid:900622152; rev:1;) alert tcp $HOME_NET any -> [181.113.20.186] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.113.20.186/; sid:900622146; rev:1;) alert tcp $HOME_NET any -> [64.44.51.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.44.51.126/; sid:900622151; rev:1;) alert tcp $HOME_NET any -> [194.5.250.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.60/; sid:900622143; rev:1;) alert tcp $HOME_NET any -> [200.29.106.33] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.29.106.33/; sid:900622128; rev:1;) alert tcp $HOME_NET any -> [104.168.123.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.168.123.186/; sid:900622159; rev:1;) alert tcp $HOME_NET any -> [190.97.10.198] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.10.198/; sid:901001589; rev:1;) alert tcp $HOME_NET any -> [179.40.105.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.40.105.76/; sid:901001586; rev:1;) alert tcp $HOME_NET any -> [186.86.177.193] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.86.177.193/; sid:901001575; rev:1;) alert tcp $HOME_NET any -> [176.31.200.136] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.200.136/; sid:901001566; rev:1;) alert tcp $HOME_NET any -> [70.32.84.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.32.84.74/; sid:901001565; rev:1;) alert tcp $HOME_NET any -> [46.101.123.139] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.101.123.139/; sid:901001563; rev:1;) alert tcp $HOME_NET any -> [181.28.144.64] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.28.144.64/; sid:901001559; rev:1;) alert tcp $HOME_NET any -> [46.29.183.211] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.29.183.211/; sid:901001554; rev:1;) alert tcp $HOME_NET any -> [159.203.204.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.203.204.126/; sid:900622185; rev:1;) alert tcp $HOME_NET any -> [181.48.174.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.48.174.242/; sid:901001540; rev:1;) alert tcp $HOME_NET any -> [187.144.227.2] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.227.2/; sid:901001532; rev:1;) alert tcp $HOME_NET any -> [186.93.145.178] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.93.145.178/; sid:901001529; rev:1;) alert tcp $HOME_NET any -> [81.169.140.14] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.169.140.14/; sid:900622523; rev:1;) alert tcp $HOME_NET any -> [183.82.97.25] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.97.25/; sid:900622126; rev:1;) alert tcp $HOME_NET any -> [90.69.208.50] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.69.208.50/; sid:901001519; rev:1;) alert tcp $HOME_NET any -> [77.245.101.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.245.101.134/; sid:900622127; rev:1;) alert tcp $HOME_NET any -> [80.85.87.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.85.87.122/; sid:900622720; rev:1;) alert tcp $HOME_NET any -> [170.247.122.37] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.247.122.37/; sid:901001514; rev:1;) alert tcp $HOME_NET any -> [178.79.163.131] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.163.131/; sid:901001511; rev:1;) alert tcp $HOME_NET any -> [201.219.183.243] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.219.183.243/; sid:901001506; rev:1;) alert tcp $HOME_NET any -> [162.241.130.39] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.241.130.39/; sid:900622116; rev:1;) alert tcp $HOME_NET any -> [151.80.142.33] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.142.33/; sid:901001501; rev:1;) alert tcp $HOME_NET any -> [189.245.135.12] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.245.135.12/; sid:901001499; rev:1;) alert tcp $HOME_NET any -> [192.241.175.184] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.241.175.184/; sid:900622130; rev:1;) alert tcp $HOME_NET any -> [149.202.153.251] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.153.251/; sid:900622129; rev:1;) alert tcp $HOME_NET any -> [93.78.205.196] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.78.205.196/; sid:900622114; rev:1;) alert tcp $HOME_NET any -> [81.177.141.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.141.45/; sid:900622316; rev:1;) alert tcp $HOME_NET any -> [78.24.219.147] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.24.219.147/; sid:901001479; rev:1;) alert tcp $HOME_NET any -> [206.189.98.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.189.98.125/; sid:901001478; rev:1;) alert tcp $HOME_NET any -> [75.127.14.170] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.127.14.170/; sid:900622112; rev:1;) alert tcp $HOME_NET any -> [31.172.240.91] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.172.240.91/; sid:901001472; rev:1;) alert tcp $HOME_NET any -> [173.212.203.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.212.203.26/; sid:901001471; rev:1;) alert tcp $HOME_NET any -> [188.166.253.46] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.166.253.46/; sid:901001466; rev:1;) alert tcp $HOME_NET any -> [104.247.221.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.247.221.104/; sid:901001457; rev:1;) alert tcp $HOME_NET any -> [124.121.192.163] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.121.192.163/; sid:901001456; rev:1;) alert tcp $HOME_NET any -> [152.169.236.172] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.169.236.172/; sid:901001453; rev:1;) alert tcp $HOME_NET any -> [92.243.92.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.243.92.8/; sid:900622140; rev:1;) alert tcp $HOME_NET any -> [195.123.238.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.110/; sid:900622144; rev:1;) alert tcp $HOME_NET any -> [185.251.38.201] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.201/; sid:900622136; rev:1;) alert tcp $HOME_NET any -> [200.116.199.10] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.199.10/; sid:900622106; rev:1;) alert tcp $HOME_NET any -> [181.188.149.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.188.149.134/; sid:900622149; rev:1;) alert tcp $HOME_NET any -> [5.67.96.120] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.67.96.120/; sid:900622120; rev:1;) alert tcp $HOME_NET any -> [203.130.0.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.130.0.67/; sid:900622125; rev:1;) alert tcp $HOME_NET any -> [186.46.88.62] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.88.62/; sid:900622104; rev:1;) alert tcp $HOME_NET any -> [200.21.51.38] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.51.38/; sid:900622105; rev:1;) alert tcp $HOME_NET any -> [37.18.30.165] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.165/; sid:900622137; rev:1;) alert tcp $HOME_NET any -> [185.66.14.149] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.14.149/; sid:900622135; rev:1;) alert tcp $HOME_NET any -> [5.101.51.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.101.51.101/; sid:900622141; rev:1;) alert tcp $HOME_NET any -> [92.38.171.26] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.26/; sid:900622139; rev:1;) alert tcp $HOME_NET any -> [201.212.57.109] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.57.109/; sid:900622111; rev:1;) alert tcp $HOME_NET any -> [195.123.238.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.83/; sid:900622138; rev:1;) alert tcp $HOME_NET any -> [51.77.202.8] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.202.8/; sid:900622132; rev:1;) alert tcp $HOME_NET any -> [107.172.143.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.155/; sid:900622145; rev:1;) alert tcp $HOME_NET any -> [195.123.247.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.247.27/; sid:900622133; rev:1;) alert tcp $HOME_NET any -> [185.252.144.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.190/; sid:900622134; rev:1;) alert tcp $HOME_NET any -> [194.5.250.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.57/; sid:900622103; rev:1;) alert tcp $HOME_NET any -> [51.77.254.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.254.186/; sid:900622102; rev:1;) alert tcp $HOME_NET any -> [178.33.26.175] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.33.26.175/; sid:900622101; rev:1;) alert tcp $HOME_NET any -> [23.94.24.196] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.24.196/; sid:900622100; rev:1;) alert tcp $HOME_NET any -> [198.12.71.210] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.71.210/; sid:900622099; rev:1;) alert tcp $HOME_NET any -> [79.124.49.209] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.209/; sid:900622097; rev:1;) alert tcp $HOME_NET any -> [185.141.27.223] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.223/; sid:900622096; rev:1;) alert tcp $HOME_NET any -> [185.141.27.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.237/; sid:900622098; rev:1;) alert tcp $HOME_NET any -> [185.215.148.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.215.148.133/; sid:900622095; rev:1;) alert tcp $HOME_NET any -> [181.129.96.74] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.96.74/; sid:900622094; rev:1;) alert tcp $HOME_NET any -> [195.123.242.175] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.242.175/; sid:900622093; rev:1;) alert tcp $HOME_NET any -> [194.5.250.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.53/; sid:900622092; rev:1;) alert tcp $HOME_NET any -> [66.55.71.112] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.55.71.112/; sid:900622090; rev:1;) alert tcp $HOME_NET any -> [68.168.123.85] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.168.123.85/; sid:900622088; rev:1;) alert tcp $HOME_NET any -> [107.174.66.214] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.66.214/; sid:900622087; rev:1;) alert tcp $HOME_NET any -> [107.173.90.220] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.90.220/; sid:900622086; rev:1;) alert tcp $HOME_NET any -> [190.144.89.82] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.144.89.82/; sid:900622091; rev:1;) alert tcp $HOME_NET any -> [107.155.137.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.155.137.12/; sid:900622085; rev:1;) alert tcp $HOME_NET any -> [95.174.65.246] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.174.65.246/; sid:900622082; rev:1;) alert tcp $HOME_NET any -> [107.173.160.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.160.19/; sid:900622084; rev:1;) alert tcp $HOME_NET any -> [45.80.148.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.80.148.53/; sid:900622083; rev:1;) alert tcp $HOME_NET any -> [185.222.202.29] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.222.202.29/; sid:900622080; rev:1;) alert tcp $HOME_NET any -> [79.124.49.206] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.206/; sid:900622081; rev:1;) alert tcp $HOME_NET any -> [107.173.160.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.160.22/; sid:900622078; rev:1;) alert tcp $HOME_NET any -> [192.3.104.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.104.38/; sid:900622079; rev:1;) alert tcp $HOME_NET any -> [107.173.160.18] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.160.18/; sid:900622089; rev:1;) alert tcp $HOME_NET any -> [184.164.142.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.164.142.51/; sid:900622076; rev:1;) alert tcp $HOME_NET any -> [185.142.99.59] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.59/; sid:900622072; rev:1;) alert tcp $HOME_NET any -> [185.45.193.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.45.193.76/; sid:900622075; rev:1;) alert tcp $HOME_NET any -> [190.109.189.119] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.109.189.119/; sid:900622077; rev:1;) alert tcp $HOME_NET any -> [217.12.210.216] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.12.210.216/; sid:900622074; rev:1;) alert tcp $HOME_NET any -> [95.181.198.140] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.140/; sid:900622073; rev:1;) alert tcp $HOME_NET any -> [212.73.150.188] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.188/; sid:900622066; rev:1;) alert tcp $HOME_NET any -> [185.235.130.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.235.130.84/; sid:900622070; rev:1;) alert tcp $HOME_NET any -> [31.202.132.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.179/; sid:900622068; rev:1;) alert tcp $HOME_NET any -> [185.183.99.146] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.99.146/; sid:900622069; rev:1;) alert tcp $HOME_NET any -> [172.106.131.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.106.131.104/; sid:900622067; rev:1;) alert tcp $HOME_NET any -> [85.143.216.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.216.155/; sid:900622062; rev:1;) alert tcp $HOME_NET any -> [51.254.69.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.225/; sid:900622061; rev:1;) alert tcp $HOME_NET any -> [45.138.157.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.157.55/; sid:900622063; rev:1;) alert tcp $HOME_NET any -> [107.160.141.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.160.141.53/; sid:900622064; rev:1;) alert tcp $HOME_NET any -> [194.87.147.184] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.147.184/; sid:900622059; rev:1;) alert tcp $HOME_NET any -> [193.26.217.140] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.26.217.140/; sid:900622060; rev:1;) alert tcp $HOME_NET any -> [185.141.61.191] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.61.191/; sid:900622065; rev:1;) alert tcp $HOME_NET any -> [195.123.237.52] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.52/; sid:900622058; rev:1;) alert tcp $HOME_NET any -> [85.217.171.98] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.217.171.98/; sid:900622050; rev:1;) alert tcp $HOME_NET any -> [185.183.98.237] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.237/; sid:900622053; rev:1;) alert tcp $HOME_NET any -> [54.38.127.24] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.24/; sid:900622056; rev:1;) alert tcp $HOME_NET any -> [79.124.49.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.124.49.203/; sid:900622054; rev:1;) alert tcp $HOME_NET any -> [81.177.6.144] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.6.144/; sid:900622051; rev:1;) alert tcp $HOME_NET any -> [81.177.6.224] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.6.224/; sid:900622052; rev:1;) alert tcp $HOME_NET any -> [37.72.168.154] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.72.168.154/; sid:900622055; rev:1;) alert tcp $HOME_NET any -> [45.8.126.3] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.126.3/; sid:900622150; rev:1;) alert tcp $HOME_NET any -> [185.183.99.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.99.134/; sid:900622045; rev:1;) alert tcp $HOME_NET any -> [37.228.117.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.90/; sid:900622046; rev:1;) alert tcp $HOME_NET any -> [200.58.83.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.83.179/; sid:900622538; rev:1;) alert tcp $HOME_NET any -> [185.65.202.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.159/; sid:900622042; rev:1;) alert tcp $HOME_NET any -> [5.101.51.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.101.51.246/; sid:900622043; rev:1;) alert tcp $HOME_NET any -> [51.75.254.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.254.122/; sid:900622040; rev:1;) alert tcp $HOME_NET any -> [45.138.157.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.138.157.13/; sid:900622041; rev:1;) alert tcp $HOME_NET any -> [212.22.75.120] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.75.120/; sid:900622037; rev:1;) alert tcp $HOME_NET any -> [176.103.62.201] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.103.62.201/; sid:900622039; rev:1;) alert tcp $HOME_NET any -> [85.143.221.0] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.221.0/; sid:900622038; rev:1;) alert tcp $HOME_NET any -> [107.174.254.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.254.153/; sid:900622048; rev:1;) alert tcp $HOME_NET any -> [51.68.247.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.68.247.46/; sid:900622049; rev:1;) alert tcp $HOME_NET any -> [92.38.171.125] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.125/; sid:900622047; rev:1;) alert tcp $HOME_NET any -> [94.156.35.232] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.232/; sid:900622035; rev:1;) alert tcp $HOME_NET any -> [80.87.196.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.196.55/; sid:900622036; rev:1;) alert tcp $HOME_NET any -> [181.112.159.70] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.112.159.70/; sid:900622044; rev:1;) alert tcp $HOME_NET any -> [81.177.136.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.68/; sid:900622033; rev:1;) alert tcp $HOME_NET any -> [50.3.87.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.3.87.51/; sid:900621992; rev:1;) alert tcp $HOME_NET any -> [95.181.198.88] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.88/; sid:900621989; rev:1;) alert tcp $HOME_NET any -> [103.116.84.44] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.116.84.44/; sid:900622034; rev:1;) alert tcp $HOME_NET any -> [54.36.28.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.28.94/; sid:900621991; rev:1;) alert tcp $HOME_NET any -> [185.82.202.89] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.82.202.89/; sid:900621990; rev:1;) alert tcp $HOME_NET any -> [5.253.63.157] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.157/; sid:900621987; rev:1;) alert tcp $HOME_NET any -> [66.70.218.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.50/; sid:900621986; rev:1;) alert tcp $HOME_NET any -> [186.46.63.58] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.46.63.58/; sid:900622026; rev:1;) alert tcp $HOME_NET any -> [66.70.218.56] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.56/; sid:900621982; rev:1;) alert tcp $HOME_NET any -> [178.157.82.90] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.90/; sid:900621983; rev:1;) alert tcp $HOME_NET any -> [198.23.252.117] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.23.252.117/; sid:900621985; rev:1;) alert tcp $HOME_NET any -> [95.215.206.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.215.206.34/; sid:900621984; rev:1;) alert tcp $HOME_NET any -> [93.189.44.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.44.92/; sid:900622032; rev:1;) alert tcp $HOME_NET any -> [185.141.27.162] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.162/; sid:900621981; rev:1;) alert tcp $HOME_NET any -> [198.8.91.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.53/; sid:900621966; rev:1;) alert tcp $HOME_NET any -> [54.36.24.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.24.99/; sid:900622368; rev:1;) alert tcp $HOME_NET any -> [190.151.213.140] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.151.213.140/; sid:900622031; rev:1;) alert tcp $HOME_NET any -> [81.177.141.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.141.67/; sid:900621964; rev:1;) alert tcp $HOME_NET any -> [31.184.253.6] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.253.6/; sid:900621965; rev:1;) alert tcp $HOME_NET any -> [89.105.203.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.105.203.184/; sid:900621956; rev:1;) alert tcp $HOME_NET any -> [194.87.95.132] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.95.132/; sid:900621963; rev:1;) alert tcp $HOME_NET any -> [146.185.219.27] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.27/; sid:900621962; rev:1;) alert tcp $HOME_NET any -> [37.228.117.250] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.250/; sid:900621961; rev:1;) alert tcp $HOME_NET any -> [192.3.146.221] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.146.221/; sid:900621958; rev:1;) alert tcp $HOME_NET any -> [198.12.97.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.97.212/; sid:900621960; rev:1;) alert tcp $HOME_NET any -> [185.117.75.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.41/; sid:900621951; rev:1;) alert tcp $HOME_NET any -> [185.183.98.26] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.26/; sid:900621950; rev:1;) alert tcp $HOME_NET any -> [107.175.33.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.33.16/; sid:900621955; rev:1;) alert tcp $HOME_NET any -> [37.46.128.252] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.46.128.252/; sid:900621953; rev:1;) alert tcp $HOME_NET any -> [217.106.238.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.106.238.102/; sid:900621945; rev:1;) alert tcp $HOME_NET any -> [104.217.8.108] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.217.8.108/; sid:900621944; rev:1;) alert tcp $HOME_NET any -> [185.251.39.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.12/; sid:900621946; rev:1;) alert tcp $HOME_NET any -> [82.118.21.99] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.99/; sid:900621949; rev:1;) alert tcp $HOME_NET any -> [158.69.133.71] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.133.71/; sid:900621948; rev:1;) alert tcp $HOME_NET any -> [158.69.133.76] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/158.69.133.76/; sid:900621952; rev:1;) alert tcp $HOME_NET any -> [192.3.146.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.146.179/; sid:900621957; rev:1;) alert tcp $HOME_NET any -> [212.109.223.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.223.235/; sid:900621954; rev:1;) alert tcp $HOME_NET any -> [45.15.253.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.132/; sid:900621947; rev:1;) alert tcp $HOME_NET any -> [185.172.129.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.146/; sid:900621959; rev:1;) alert tcp $HOME_NET any -> [46.30.41.188] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.188/; sid:900621942; rev:1;) alert tcp $HOME_NET any -> [194.36.189.170] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.170/; sid:900621943; rev:1;) alert tcp $HOME_NET any -> [185.117.75.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.110/; sid:900621940; rev:1;) alert tcp $HOME_NET any -> [198.46.198.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.131/; sid:900621941; rev:1;) alert tcp $HOME_NET any -> [139.60.163.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.101/; sid:900621938; rev:1;) alert tcp $HOME_NET any -> [195.123.237.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.113/; sid:900621939; rev:1;) alert tcp $HOME_NET any -> [186.47.82.6] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.82.6/; sid:900622030; rev:1;) alert tcp $HOME_NET any -> [5.53.124.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.49/; sid:900621937; rev:1;) alert tcp $HOME_NET any -> [178.170.189.117] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.117/; sid:900621934; rev:1;) alert tcp $HOME_NET any -> [5.9.178.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.9.178.87/; sid:900621935; rev:1;) alert tcp $HOME_NET any -> [79.143.31.94] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.31.94/; sid:900621936; rev:1;) alert tcp $HOME_NET any -> [51.79.57.148] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.79.57.148/; sid:900621933; rev:1;) alert tcp $HOME_NET any -> [89.105.203.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.105.203.182/; sid:900621930; rev:1;) alert tcp $HOME_NET any -> [185.183.99.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.99.159/; sid:900621928; rev:1;) alert tcp $HOME_NET any -> [80.87.199.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.54/; sid:900621927; rev:1;) alert tcp $HOME_NET any -> [82.146.43.15] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.146.43.15/; sid:900621932; rev:1;) alert tcp $HOME_NET any -> [198.46.198.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.132/; sid:900621931; rev:1;) alert tcp $HOME_NET any -> [186.156.52.78] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.156.52.78/; sid:900622020; rev:1;) alert tcp $HOME_NET any -> [186.47.40.234] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.40.234/; sid:900622017; rev:1;) alert tcp $HOME_NET any -> [190.13.190.178] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.190.178/; sid:900622016; rev:1;) alert tcp $HOME_NET any -> [192.210.226.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.226.104/; sid:900621924; rev:1;) alert tcp $HOME_NET any -> [146.185.219.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.21/; sid:900621926; rev:1;) alert tcp $HOME_NET any -> [185.241.53.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.241.53.109/; sid:900621923; rev:1;) alert tcp $HOME_NET any -> [54.36.24.100] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.36.24.100/; sid:900621922; rev:1;) alert tcp $HOME_NET any -> [185.172.129.11] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.11/; sid:900621929; rev:1;) alert tcp $HOME_NET any -> [185.202.174.77] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.77/; sid:900621920; rev:1;) alert tcp $HOME_NET any -> [5.53.124.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.53.124.147/; sid:900621925; rev:1;) alert tcp $HOME_NET any -> [107.174.71.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.174.71.44/; sid:900621918; rev:1;) alert tcp $HOME_NET any -> [54.37.195.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.37.195.102/; sid:900621919; rev:1;) alert tcp $HOME_NET any -> [185.142.99.39] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.39/; sid:900621915; rev:1;) alert tcp $HOME_NET any -> [185.117.73.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.73.58/; sid:900621914; rev:1;) alert tcp $HOME_NET any -> [198.46.198.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.12/; sid:900621917; rev:1;) alert tcp $HOME_NET any -> [81.177.136.17] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.17/; sid:900621909; rev:1;) alert tcp $HOME_NET any -> [198.12.97.204] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.97.204/; sid:900621910; rev:1;) alert tcp $HOME_NET any -> [212.80.217.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.217.182/; sid:900621911; rev:1;) alert tcp $HOME_NET any -> [195.123.237.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.126/; sid:900621916; rev:1;) alert tcp $HOME_NET any -> [195.123.233.35] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.35/; sid:900621908; rev:1;) alert tcp $HOME_NET any -> [107.172.201.144] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.201.144/; sid:900621906; rev:1;) alert tcp $HOME_NET any -> [31.184.253.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.253.244/; sid:900621905; rev:1;) alert tcp $HOME_NET any -> [146.185.219.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.19/; sid:900622338; rev:1;) alert tcp $HOME_NET any -> [193.124.185.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.185.113/; sid:900621903; rev:1;) alert tcp $HOME_NET any -> [195.123.238.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.54/; sid:900621902; rev:1;) alert tcp $HOME_NET any -> [198.12.97.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.97.170/; sid:900621901; rev:1;) alert tcp $HOME_NET any -> [50.3.68.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.3.68.150/; sid:900621904; rev:1;) alert tcp $HOME_NET any -> [194.87.111.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.111.102/; sid:900621900; rev:1;) alert tcp $HOME_NET any -> [94.103.95.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.95.91/; sid:900621899; rev:1;) alert tcp $HOME_NET any -> [190.152.38.66] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.38.66/; sid:900622009; rev:1;) alert tcp $HOME_NET any -> [198.46.198.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.198.103/; sid:900621907; rev:1;) alert tcp $HOME_NET any -> [91.235.129.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.80/; sid:900621898; rev:1;) alert tcp $HOME_NET any -> [37.228.117.142] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.117.142/; sid:900621897; rev:1;) alert tcp $HOME_NET any -> [185.161.210.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.161.210.161/; sid:900621896; rev:1;) alert tcp $HOME_NET any -> [85.143.217.214] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.217.214/; sid:900621893; rev:1;) alert tcp $HOME_NET any -> [46.30.41.33] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.33/; sid:900621894; rev:1;) alert tcp $HOME_NET any -> [92.63.104.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.63.104.76/; sid:900621895; rev:1;) alert tcp $HOME_NET any -> [185.186.77.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.233/; sid:900621892; rev:1;) alert tcp $HOME_NET any -> [91.240.84.55] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.55/; sid:900621891; rev:1;) alert tcp $HOME_NET any -> [185.98.87.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.196/; sid:900621890; rev:1;) alert tcp $HOME_NET any -> [185.177.59.115] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.177.59.115/; sid:900621888; rev:1;) alert tcp $HOME_NET any -> [195.161.62.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.206/; sid:900621889; rev:1;) alert tcp $HOME_NET any -> [188.165.62.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.165.62.5/; sid:900621887; rev:1;) alert tcp $HOME_NET any -> [192.3.253.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.253.217/; sid:900621913; rev:1;) alert tcp $HOME_NET any -> [94.156.189.216] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.189.216/; sid:900621912; rev:1;) alert tcp $HOME_NET any -> [185.202.174.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.76/; sid:900621921; rev:1;) alert tcp $HOME_NET any -> [45.67.231.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.231.170/; sid:900621884; rev:1;) alert tcp $HOME_NET any -> [23.95.90.88] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.90.88/; sid:900621881; rev:1;) alert tcp $HOME_NET any -> [5.253.63.142] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.142/; sid:900621878; rev:1;) alert tcp $HOME_NET any -> [144.217.50.250] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.250/; sid:900621879; rev:1;) alert tcp $HOME_NET any -> [190.152.36.30] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.36.30/; sid:900622018; rev:1;) alert tcp $HOME_NET any -> [195.161.114.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.114.131/; sid:900621874; rev:1;) alert tcp $HOME_NET any -> [194.99.20.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.20.161/; sid:900621873; rev:1;) alert tcp $HOME_NET any -> [217.107.34.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.170/; sid:900621875; rev:1;) alert tcp $HOME_NET any -> [192.243.109.215] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.215/; sid:900621876; rev:1;) alert tcp $HOME_NET any -> [192.3.253.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.253.197/; sid:900621877; rev:1;) alert tcp $HOME_NET any -> [185.183.96.217] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.217/; sid:900621880; rev:1;) alert tcp $HOME_NET any -> [192.243.109.208] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.208/; sid:900621882; rev:1;) alert tcp $HOME_NET any -> [23.94.184.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.124/; sid:900621883; rev:1;) alert tcp $HOME_NET any -> [212.73.150.83] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.73.150.83/; sid:900621872; rev:1;) alert tcp $HOME_NET any -> [195.123.243.79] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.243.79/; sid:900621871; rev:1;) alert tcp $HOME_NET any -> [145.239.188.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.90/; sid:900621870; rev:1;) alert tcp $HOME_NET any -> [192.243.109.219] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.109.219/; sid:900621869; rev:1;) alert tcp $HOME_NET any -> [109.234.34.152] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.34.152/; sid:900621868; rev:1;) alert tcp $HOME_NET any -> [185.183.98.198] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.98.198/; sid:900621867; rev:1;) alert tcp $HOME_NET any -> [37.44.212.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.19/; sid:900621866; rev:1;) alert tcp $HOME_NET any -> [185.183.96.221] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.221/; sid:900621864; rev:1;) alert tcp $HOME_NET any -> [192.3.247.108] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.108/; sid:900621865; rev:1;) alert tcp $HOME_NET any -> [200.119.45.140] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.119.45.140/; sid:900621993; rev:1;) alert tcp $HOME_NET any -> [108.174.56.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.56.131/; sid:900621886; rev:1;) alert tcp $HOME_NET any -> [80.87.199.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.186/; sid:900621862; rev:1;) alert tcp $HOME_NET any -> [193.37.212.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.218/; sid:900621863; rev:1;) alert tcp $HOME_NET any -> [193.37.212.219] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.219/; sid:900621861; rev:1;) alert tcp $HOME_NET any -> [194.87.144.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.144.60/; sid:900621860; rev:1;) alert tcp $HOME_NET any -> [37.18.30.20] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.20/; sid:900621859; rev:1;) alert tcp $HOME_NET any -> [80.87.199.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.5/; sid:900621856; rev:1;) alert tcp $HOME_NET any -> [92.38.171.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.91/; sid:900621855; rev:1;) alert tcp $HOME_NET any -> [178.156.202.242] 2050 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.242/; sid:900621854; rev:1;) alert tcp $HOME_NET any -> [80.87.201.64] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.201.64/; sid:900621858; rev:1;) alert tcp $HOME_NET any -> [45.15.253.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.55/; sid:900621857; rev:1;) alert tcp $HOME_NET any -> [136.243.142.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.142.150/; sid:900621853; rev:1;) alert tcp $HOME_NET any -> [162.248.225.160] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.225.160/; sid:900621852; rev:1;) alert tcp $HOME_NET any -> [202.9.120.79] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.9.120.79/; sid:900622012; rev:1;) alert tcp $HOME_NET any -> [185.173.92.121] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.173.92.121/; sid:900621851; rev:1;) alert tcp $HOME_NET any -> [185.241.52.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.241.52.38/; sid:900621849; rev:1;) alert tcp $HOME_NET any -> [181.176.160.145] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.160.145/; sid:900622003; rev:1;) alert tcp $HOME_NET any -> [176.57.215.128] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.57.215.128/; sid:900621850; rev:1;) alert tcp $HOME_NET any -> [185.141.25.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.91/; sid:900621847; rev:1;) alert tcp $HOME_NET any -> [185.183.97.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.152/; sid:900621846; rev:1;) alert tcp $HOME_NET any -> [185.141.27.172] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.172/; sid:900621837; rev:1;) alert tcp $HOME_NET any -> [217.107.34.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.34/; sid:900621838; rev:1;) alert tcp $HOME_NET any -> [80.87.200.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.200.37/; sid:900621839; rev:1;) alert tcp $HOME_NET any -> [5.253.63.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.134/; sid:900621841; rev:1;) alert tcp $HOME_NET any -> [185.141.27.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.27.134/; sid:900621840; rev:1;) alert tcp $HOME_NET any -> [162.247.155.165] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.165/; sid:900621842; rev:1;) alert tcp $HOME_NET any -> [145.239.188.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.239.188.88/; sid:900621843; rev:1;) alert tcp $HOME_NET any -> [192.3.83.176] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.176/; sid:900621836; rev:1;) alert tcp $HOME_NET any -> [198.12.101.164] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.101.164/; sid:900621844; rev:1;) alert tcp $HOME_NET any -> [51.75.232.232] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.232.232/; sid:900621834; rev:1;) alert tcp $HOME_NET any -> [217.107.34.104] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.104/; sid:900621832; rev:1;) alert tcp $HOME_NET any -> [185.198.57.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.86/; sid:900621833; rev:1;) alert tcp $HOME_NET any -> [37.44.215.174] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.174/; sid:900621831; rev:1;) alert tcp $HOME_NET any -> [81.177.26.91] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.26.91/; sid:900621828; rev:1;) alert tcp $HOME_NET any -> [185.203.118.145] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.118.145/; sid:900621829; rev:1;) alert tcp $HOME_NET any -> [107.173.125.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.125.68/; sid:900621826; rev:1;) alert tcp $HOME_NET any -> [103.207.1.44] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.207.1.44/; sid:900622006; rev:1;) alert tcp $HOME_NET any -> [85.204.116.189] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.189/; sid:900621824; rev:1;) alert tcp $HOME_NET any -> [185.183.96.48] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.96.48/; sid:900621823; rev:1;) alert tcp $HOME_NET any -> [185.141.25.79] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.79/; sid:900621825; rev:1;) alert tcp $HOME_NET any -> [192.3.247.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.104/; sid:900621827; rev:1;) alert tcp $HOME_NET any -> [23.94.184.109] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.109/; sid:900621830; rev:1;) alert tcp $HOME_NET any -> [85.143.223.188] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.188/; sid:900621835; rev:1;) alert tcp $HOME_NET any -> [172.245.110.126] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.110.126/; sid:900621848; rev:1;) alert tcp $HOME_NET any -> [37.18.30.153] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.153/; sid:900621845; rev:1;) alert tcp $HOME_NET any -> [185.141.25.75] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.75/; sid:900621822; rev:1;) alert tcp $HOME_NET any -> [195.133.144.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.144.112/; sid:900621819; rev:1;) alert tcp $HOME_NET any -> [91.228.218.50] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.228.218.50/; sid:900621815; rev:1;) alert tcp $HOME_NET any -> [23.94.49.229] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.49.229/; sid:900621817; rev:1;) alert tcp $HOME_NET any -> [23.95.44.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.44.51/; sid:900621818; rev:1;) alert tcp $HOME_NET any -> [37.44.215.180] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.180/; sid:900621816; rev:1;) alert tcp $HOME_NET any -> [92.38.171.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.57/; sid:900621812; rev:1;) alert tcp $HOME_NET any -> [162.248.225.20] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.248.225.20/; sid:900621813; rev:1;) alert tcp $HOME_NET any -> [31.202.132.185] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.185/; sid:900621810; rev:1;) alert tcp $HOME_NET any -> [107.175.115.147] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.115.147/; sid:900621809; rev:1;) alert tcp $HOME_NET any -> [185.141.25.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.126/; sid:900621806; rev:1;) alert tcp $HOME_NET any -> [78.140.223.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.140.223.27/; sid:900621808; rev:1;) alert tcp $HOME_NET any -> [185.65.202.127] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.127/; sid:900621807; rev:1;) alert tcp $HOME_NET any -> [23.94.53.171] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.53.171/; sid:900621811; rev:1;) alert tcp $HOME_NET any -> [195.123.238.9] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.9/; sid:900621821; rev:1;) alert tcp $HOME_NET any -> [94.156.35.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.190/; sid:900621804; rev:1;) alert tcp $HOME_NET any -> [195.123.245.16] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.16/; sid:900621802; rev:1;) alert tcp $HOME_NET any -> [192.243.108.105] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.105/; sid:900621803; rev:1;) alert tcp $HOME_NET any -> [23.94.137.229] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.229/; sid:900621801; rev:1;) alert tcp $HOME_NET any -> [192.3.61.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.61.236/; sid:900621800; rev:1;) alert tcp $HOME_NET any -> [85.204.116.192] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.192/; sid:900621799; rev:1;) alert tcp $HOME_NET any -> [45.237.240.178] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.237.240.178/; sid:900622005; rev:1;) alert tcp $HOME_NET any -> [178.157.82.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.60/; sid:900621798; rev:1;) alert tcp $HOME_NET any -> [185.61.148.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.203/; sid:900621796; rev:1;) alert tcp $HOME_NET any -> [178.157.82.177] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.157.82.177/; sid:900621793; rev:1;) alert tcp $HOME_NET any -> [23.94.137.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.10/; sid:900621791; rev:1;) alert tcp $HOME_NET any -> [185.98.87.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.98.87.113/; sid:900621781; rev:1;) alert tcp $HOME_NET any -> [80.87.199.224] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.199.224/; sid:900621773; rev:1;) alert tcp $HOME_NET any -> [194.32.77.81] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.32.77.81/; sid:900621774; rev:1;) alert tcp $HOME_NET any -> [185.135.81.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.81.95/; sid:900621775; rev:1;) alert tcp $HOME_NET any -> [45.15.253.61] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.61/; sid:900621778; rev:1;) alert tcp $HOME_NET any -> [5.196.195.6] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.195.6/; sid:900621779; rev:1;) alert tcp $HOME_NET any -> [37.44.212.120] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.120/; sid:900621782; rev:1;) alert tcp $HOME_NET any -> [92.119.114.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.119.114.186/; sid:900621783; rev:1;) alert tcp $HOME_NET any -> [185.206.145.100] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.145.100/; sid:900621784; rev:1;) alert tcp $HOME_NET any -> [192.243.103.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.103.153/; sid:900621787; rev:1;) alert tcp $HOME_NET any -> [185.61.148.65] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.65/; sid:900621780; rev:1;) alert tcp $HOME_NET any -> [85.143.218.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.218.104/; sid:900621776; rev:1;) alert tcp $HOME_NET any -> [51.254.69.233] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.69.233/; sid:900621777; rev:1;) alert tcp $HOME_NET any -> [192.3.83.168] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.168/; sid:900621797; rev:1;) alert tcp $HOME_NET any -> [185.206.146.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.146.178/; sid:900621762; rev:1;) alert tcp $HOME_NET any -> [185.65.202.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.65.202.102/; sid:900621771; rev:1;) alert tcp $HOME_NET any -> [185.141.25.116] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.116/; sid:900621788; rev:1;) alert tcp $HOME_NET any -> [185.205.210.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.205.210.58/; sid:900621792; rev:1;) alert tcp $HOME_NET any -> [185.186.77.248] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.186.77.248/; sid:900621767; rev:1;) alert tcp $HOME_NET any -> [193.37.212.249] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.249/; sid:900621768; rev:1;) alert tcp $HOME_NET any -> [82.118.22.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.22.87/; sid:900621764; rev:1;) alert tcp $HOME_NET any -> [45.8.229.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.229.113/; sid:900621763; rev:1;) alert tcp $HOME_NET any -> [193.37.213.39] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.213.39/; sid:900621794; rev:1;) alert tcp $HOME_NET any -> [107.173.140.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.140.104/; sid:900621795; rev:1;) alert tcp $HOME_NET any -> [192.243.108.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.102/; sid:900621772; rev:1;) alert tcp $HOME_NET any -> [85.204.116.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.151/; sid:900621761; rev:1;) alert tcp $HOME_NET any -> [31.202.132.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.95/; sid:900621789; rev:1;) alert tcp $HOME_NET any -> [108.174.56.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.174.56.159/; sid:900621790; rev:1;) alert tcp $HOME_NET any -> [185.183.97.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.141/; sid:900621766; rev:1;) alert tcp $HOME_NET any -> [107.173.34.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.34.151/; sid:900621786; rev:1;) alert tcp $HOME_NET any -> [107.172.248.98] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.248.98/; sid:900621785; rev:1;) alert tcp $HOME_NET any -> [23.94.96.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.96.203/; sid:900621765; rev:1;) alert tcp $HOME_NET any -> [192.210.132.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.210.132.15/; sid:900621760; rev:1;) alert tcp $HOME_NET any -> [195.123.213.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.213.36/; sid:900621769; rev:1;) alert tcp $HOME_NET any -> [185.246.67.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.67.198/; sid:900621770; rev:1;) alert tcp $HOME_NET any -> [77.244.219.49] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.244.219.49/; sid:900621742; rev:1;) alert tcp $HOME_NET any -> [185.251.39.73] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.73/; sid:900621758; rev:1;) alert tcp $HOME_NET any -> [192.243.102.102] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.102.102/; sid:900621759; rev:1;) alert tcp $HOME_NET any -> [185.198.57.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.110/; sid:900621747; rev:1;) alert tcp $HOME_NET any -> [5.253.63.112] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.112/; sid:900621746; rev:1;) alert tcp $HOME_NET any -> [45.12.215.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.12.215.57/; sid:900621745; rev:1;) alert tcp $HOME_NET any -> [185.246.67.63] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.67.63/; sid:900621736; rev:1;) alert tcp $HOME_NET any -> [185.180.197.38] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.197.38/; sid:900621737; rev:1;) alert tcp $HOME_NET any -> [103.75.118.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.75.118.230/; sid:900621738; rev:1;) alert tcp $HOME_NET any -> [202.4.169.178] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.4.169.178/; sid:900622162; rev:1;) alert tcp $HOME_NET any -> [178.170.189.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.170.189.45/; sid:900621735; rev:1;) alert tcp $HOME_NET any -> [37.44.212.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.173/; sid:900621733; rev:1;) alert tcp $HOME_NET any -> [185.90.61.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.80/; sid:900621730; rev:1;) alert tcp $HOME_NET any -> [2.59.40.240] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.59.40.240/; sid:900621731; rev:1;) alert tcp $HOME_NET any -> [185.86.149.110] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.149.110/; sid:900621728; rev:1;) alert tcp $HOME_NET any -> [107.173.42.177] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.42.177/; sid:900621729; rev:1;) alert tcp $HOME_NET any -> [185.61.149.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.162/; sid:900621727; rev:1;) alert tcp $HOME_NET any -> [192.243.108.230] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.230/; sid:900621726; rev:1;) alert tcp $HOME_NET any -> [185.202.174.72] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.72/; sid:900621722; rev:1;) alert tcp $HOME_NET any -> [194.67.217.125] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.67.217.125/; sid:900621718; rev:1;) alert tcp $HOME_NET any -> [82.118.21.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.133/; sid:900621719; rev:1;) alert tcp $HOME_NET any -> [144.217.12.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.12.34/; sid:900621724; rev:1;) alert tcp $HOME_NET any -> [146.185.219.56] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.56/; sid:900621716; rev:1;) alert tcp $HOME_NET any -> [46.30.41.155] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.155/; sid:900621717; rev:1;) alert tcp $HOME_NET any -> [185.244.149.74] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.74/; sid:900621720; rev:1;) alert tcp $HOME_NET any -> [193.37.212.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.106/; sid:900621721; rev:1;) alert tcp $HOME_NET any -> [107.172.143.241] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.143.241/; sid:900621723; rev:1;) alert tcp $HOME_NET any -> [185.251.38.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.238/; sid:900621725; rev:1;) alert tcp $HOME_NET any -> [195.123.246.69] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.69/; sid:900621749; rev:1;) alert tcp $HOME_NET any -> [172.245.19.134] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.19.134/; sid:900621714; rev:1;) alert tcp $HOME_NET any -> [131.161.105.206] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.161.105.206/; sid:900621978; rev:1;) alert tcp $HOME_NET any -> [185.117.75.101] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.75.101/; sid:900621743; rev:1;) alert tcp $HOME_NET any -> [139.60.163.40] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.40/; sid:900621739; rev:1;) alert tcp $HOME_NET any -> [93.189.47.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.47.93/; sid:900621750; rev:1;) alert tcp $HOME_NET any -> [149.202.225.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.164/; sid:900621713; rev:1;) alert tcp $HOME_NET any -> [81.177.136.36] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.36/; sid:900621734; rev:1;) alert tcp $HOME_NET any -> [192.227.232.26] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.26/; sid:900621732; rev:1;) alert tcp $HOME_NET any -> [82.118.21.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.139/; sid:900621715; rev:1;) alert tcp $HOME_NET any -> [23.94.93.104] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.93.104/; sid:900621748; rev:1;) alert tcp $HOME_NET any -> [146.185.219.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.69/; sid:900621751; rev:1;) alert tcp $HOME_NET any -> [178.156.202.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.69/; sid:900621752; rev:1;) alert tcp $HOME_NET any -> [192.144.7.42] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.144.7.42/; sid:900621753; rev:1;) alert tcp $HOME_NET any -> [103.117.172.206] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.117.172.206/; sid:900622028; rev:1;) alert tcp $HOME_NET any -> [178.156.202.151] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.156.202.151/; sid:900621712; rev:1;) alert tcp $HOME_NET any -> [137.74.211.228] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.74.211.228/; sid:900621710; rev:1;) alert tcp $HOME_NET any -> [89.32.41.164] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.164/; sid:900621707; rev:1;) alert tcp $HOME_NET any -> [85.204.116.131] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.131/; sid:900621706; rev:1;) alert tcp $HOME_NET any -> [104.194.215.118] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.118/; sid:900621705; rev:1;) alert tcp $HOME_NET any -> [45.67.228.231] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.228.231/; sid:900621701; rev:1;) alert tcp $HOME_NET any -> [85.143.223.89] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.89/; sid:900621698; rev:1;) alert tcp $HOME_NET any -> [103.84.238.3] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.84.238.3/; sid:900622001; rev:1;) alert tcp $HOME_NET any -> [94.156.189.197] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.189.197/; sid:900621699; rev:1;) alert tcp $HOME_NET any -> [5.253.63.119] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.119/; sid:900621700; rev:1;) alert tcp $HOME_NET any -> [45.15.253.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.27/; sid:900621696; rev:1;) alert tcp $HOME_NET any -> [85.204.116.132] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.132/; sid:900621695; rev:1;) alert tcp $HOME_NET any -> [195.123.226.124] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.226.124/; sid:900621693; rev:1;) alert tcp $HOME_NET any -> [136.243.142.131] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.142.131/; sid:900621692; rev:1;) alert tcp $HOME_NET any -> [31.202.132.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.202.132.159/; sid:900621694; rev:1;) alert tcp $HOME_NET any -> [93.189.44.235] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.44.235/; sid:900621690; rev:1;) alert tcp $HOME_NET any -> [139.60.163.39] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.39/; sid:900621709; rev:1;) alert tcp $HOME_NET any -> [185.224.132.65] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.224.132.65/; sid:900621708; rev:1;) alert tcp $HOME_NET any -> [107.172.141.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.141.10/; sid:900621688; rev:1;) alert tcp $HOME_NET any -> [168.235.102.16] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.102.16/; sid:900621711; rev:1;) alert tcp $HOME_NET any -> [104.194.215.161] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.161/; sid:900621691; rev:1;) alert tcp $HOME_NET any -> [85.204.116.138] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.138/; sid:900621703; rev:1;) alert tcp $HOME_NET any -> [23.94.93.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.93.106/; sid:900621704; rev:1;) alert tcp $HOME_NET any -> [192.243.101.211] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.101.211/; sid:900621702; rev:1;) alert tcp $HOME_NET any -> [185.43.6.250] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.6.250/; sid:900621697; rev:1;) alert tcp $HOME_NET any -> [81.177.140.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.140.60/; sid:900621689; rev:1;) alert tcp $HOME_NET any -> [217.107.34.77] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.77/; sid:900621683; rev:1;) alert tcp $HOME_NET any -> [195.123.246.2] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.2/; sid:900621678; rev:1;) alert tcp $HOME_NET any -> [195.123.238.188] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.188/; sid:900621675; rev:1;) alert tcp $HOME_NET any -> [195.133.196.102] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.196.102/; sid:900621668; rev:1;) alert tcp $HOME_NET any -> [89.105.203.180] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.105.203.180/; sid:900621665; rev:1;) alert tcp $HOME_NET any -> [23.94.137.223] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.223/; sid:900621662; rev:1;) alert tcp $HOME_NET any -> [194.36.191.21] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.191.21/; sid:900621660; rev:1;) alert tcp $HOME_NET any -> [195.123.246.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.41/; sid:900621664; rev:1;) alert tcp $HOME_NET any -> [104.194.215.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.194.215.57/; sid:900621663; rev:1;) alert tcp $HOME_NET any -> [80.87.193.47] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.87.193.47/; sid:900621661; rev:1;) alert tcp $HOME_NET any -> [107.175.62.231] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.62.231/; sid:900621658; rev:1;) alert tcp $HOME_NET any -> [185.141.25.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.25.101/; sid:900621670; rev:1;) alert tcp $HOME_NET any -> [192.99.255.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.99.255.37/; sid:900621754; rev:1;) alert tcp $HOME_NET any -> [185.183.97.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.133/; sid:900621755; rev:1;) alert tcp $HOME_NET any -> [185.252.144.213] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.213/; sid:900621659; rev:1;) alert tcp $HOME_NET any -> [168.235.81.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.235.81.133/; sid:900621673; rev:1;) alert tcp $HOME_NET any -> [185.141.26.80] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.141.26.80/; sid:900621657; rev:1;) alert tcp $HOME_NET any -> [193.124.176.170] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.124.176.170/; sid:900621671; rev:1;) alert tcp $HOME_NET any -> [195.123.212.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.212.230/; sid:900621676; rev:1;) alert tcp $HOME_NET any -> [195.123.233.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.162/; sid:900621677; rev:1;) alert tcp $HOME_NET any -> [185.62.103.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.62.103.137/; sid:900621680; rev:1;) alert tcp $HOME_NET any -> [107.173.141.227] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.141.227/; sid:900621682; rev:1;) alert tcp $HOME_NET any -> [195.133.144.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.133.144.87/; sid:900621679; rev:1;) alert tcp $HOME_NET any -> [91.240.84.110] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.110/; sid:900621672; rev:1;) alert tcp $HOME_NET any -> [93.95.97.68] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.97.68/; sid:900621669; rev:1;) alert tcp $HOME_NET any -> [51.83.52.180] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.83.52.180/; sid:900621686; rev:1;) alert tcp $HOME_NET any -> [125.99.253.34] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.253.34/; sid:900621994; rev:1;) alert tcp $HOME_NET any -> [162.244.32.226] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.226/; sid:900621687; rev:1;) alert tcp $HOME_NET any -> [92.38.171.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.12/; sid:900621666; rev:1;) alert tcp $HOME_NET any -> [192.227.204.230] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.204.230/; sid:900621667; rev:1;) alert tcp $HOME_NET any -> [92.38.171.20] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.171.20/; sid:900621674; rev:1;) alert tcp $HOME_NET any -> [185.172.129.150] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.150/; sid:900621685; rev:1;) alert tcp $HOME_NET any -> [212.80.216.202] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.202/; sid:900621684; rev:1;) alert tcp $HOME_NET any -> [162.244.32.130] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.130/; sid:900621744; rev:1;) alert tcp $HOME_NET any -> [212.109.223.12] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.109.223.12/; sid:900621741; rev:1;) alert tcp $HOME_NET any -> [194.36.191.23] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.191.23/; sid:900621740; rev:1;) alert tcp $HOME_NET any -> [82.202.194.182] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.194.182/; sid:900621653; rev:1;) alert tcp $HOME_NET any -> [95.181.198.173] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.198.173/; sid:900621651; rev:1;) alert tcp $HOME_NET any -> [23.94.137.179] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.137.179/; sid:900621650; rev:1;) alert tcp $HOME_NET any -> [195.123.238.152] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.238.152/; sid:900621649; rev:1;) alert tcp $HOME_NET any -> [213.226.68.75] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.68.75/; sid:900621652; rev:1;) alert tcp $HOME_NET any -> [185.242.84.174] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.242.84.174/; sid:900621648; rev:1;) alert tcp $HOME_NET any -> [94.103.94.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.103/; sid:900621654; rev:1;) alert tcp $HOME_NET any -> [185.244.149.216] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.216/; sid:900621655; rev:1;) alert tcp $HOME_NET any -> [206.217.143.91] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.217.143.91/; sid:900621645; rev:1;) alert tcp $HOME_NET any -> [107.191.109.143] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.191.109.143/; sid:900621646; rev:1;) alert tcp $HOME_NET any -> [23.94.184.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.94.184.45/; sid:900621647; rev:1;) alert tcp $HOME_NET any -> [66.70.218.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.38/; sid:900621643; rev:1;) alert tcp $HOME_NET any -> [89.32.41.127] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.127/; sid:900621644; rev:1;) alert tcp $HOME_NET any -> [82.118.21.91] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.91/; sid:900621642; rev:1;) alert tcp $HOME_NET any -> [151.80.88.253] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/151.80.88.253/; sid:900621630; rev:1;) alert tcp $HOME_NET any -> [185.180.198.148] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.148/; sid:900621621; rev:1;) alert tcp $HOME_NET any -> [195.161.62.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.25/; sid:900621631; rev:1;) alert tcp $HOME_NET any -> [195.161.114.191] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.114.191/; sid:900621628; rev:1;) alert tcp $HOME_NET any -> [162.247.155.131] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.247.155.131/; sid:900621623; rev:1;) alert tcp $HOME_NET any -> [185.246.64.77] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.246.64.77/; sid:900621622; rev:1;) alert tcp $HOME_NET any -> [198.46.190.37] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.46.190.37/; sid:900621624; rev:1;) alert tcp $HOME_NET any -> [45.67.228.192] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.67.228.192/; sid:900621625; rev:1;) alert tcp $HOME_NET any -> [93.189.42.220] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.189.42.220/; sid:900621627; rev:1;) alert tcp $HOME_NET any -> [91.240.85.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.85.141/; sid:900621626; rev:1;) alert tcp $HOME_NET any -> [37.44.215.169] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.169/; sid:900621632; rev:1;) alert tcp $HOME_NET any -> [149.202.225.160] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.160/; sid:900621633; rev:1;) alert tcp $HOME_NET any -> [107.175.69.34] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.175.69.34/; sid:900621614; rev:1;) alert tcp $HOME_NET any -> [188.246.227.208] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.246.227.208/; sid:900621610; rev:1;) alert tcp $HOME_NET any -> [23.95.242.213] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.242.213/; sid:900621608; rev:1;) alert tcp $HOME_NET any -> [78.155.206.85] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.85/; sid:900621605; rev:1;) alert tcp $HOME_NET any -> [37.18.30.99] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.99/; sid:900621600; rev:1;) alert tcp $HOME_NET any -> [195.123.227.224] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.227.224/; sid:900621599; rev:1;) alert tcp $HOME_NET any -> [164.132.216.41] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.41/; sid:900621601; rev:1;) alert tcp $HOME_NET any -> [198.12.71.138] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.71.138/; sid:900621597; rev:1;) alert tcp $HOME_NET any -> [37.18.30.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.55/; sid:900621603; rev:1;) alert tcp $HOME_NET any -> [185.90.61.7] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.90.61.7/; sid:900621607; rev:1;) alert tcp $HOME_NET any -> [185.61.148.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.207/; sid:900621606; rev:1;) alert tcp $HOME_NET any -> [37.44.212.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.182/; sid:900621611; rev:1;) alert tcp $HOME_NET any -> [185.172.129.109] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.109/; sid:900621596; rev:1;) alert tcp $HOME_NET any -> [37.44.215.106] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.106/; sid:900621609; rev:1;) alert tcp $HOME_NET any -> [191.101.251.146] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.101.251.146/; sid:900621615; rev:1;) alert tcp $HOME_NET any -> [198.12.71.171] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.12.71.171/; sid:900621595; rev:1;) alert tcp $HOME_NET any -> [5.196.247.4] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.196.247.4/; sid:900621598; rev:1;) alert tcp $HOME_NET any -> [37.44.215.156] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.156/; sid:900621616; rev:1;) alert tcp $HOME_NET any -> [5.253.63.106] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.253.63.106/; sid:900621629; rev:1;) alert tcp $HOME_NET any -> [91.235.129.166] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.166/; sid:900621602; rev:1;) alert tcp $HOME_NET any -> [89.32.41.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.126/; sid:900621637; rev:1;) alert tcp $HOME_NET any -> [185.252.144.55] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.55/; sid:900621619; rev:1;) alert tcp $HOME_NET any -> [91.235.129.119] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.119/; sid:900621620; rev:1;) alert tcp $HOME_NET any -> [91.240.85.19] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.85.19/; sid:900621613; rev:1;) alert tcp $HOME_NET any -> [23.95.9.156] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.9.156/; sid:900621635; rev:1;) alert tcp $HOME_NET any -> [185.43.6.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.43.6.87/; sid:900621617; rev:1;) alert tcp $HOME_NET any -> [78.155.207.191] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.207.191/; sid:900621640; rev:1;) alert tcp $HOME_NET any -> [146.185.219.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.45/; sid:900621618; rev:1;) alert tcp $HOME_NET any -> [23.95.9.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.9.122/; sid:900621641; rev:1;) alert tcp $HOME_NET any -> [193.37.212.81] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.212.81/; sid:900621757; rev:1;) alert tcp $HOME_NET any -> [172.245.241.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/172.245.241.25/; sid:900621656; rev:1;) alert tcp $HOME_NET any -> [107.172.2.128] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.172.2.128/; sid:900621634; rev:1;) alert tcp $HOME_NET any -> [168.227.229.112] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.227.229.112/; sid:900622021; rev:1;) alert tcp $HOME_NET any -> [45.15.253.25] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.15.253.25/; sid:900621638; rev:1;) alert tcp $HOME_NET any -> [185.86.151.23] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.23/; sid:900621591; rev:1;) alert tcp $HOME_NET any -> [192.243.108.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.243.108.137/; sid:900621612; rev:1;) alert tcp $HOME_NET any -> [94.140.125.143] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.125.143/; sid:900621590; rev:1;) alert tcp $HOME_NET any -> [195.123.213.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.213.186/; sid:900621756; rev:1;) alert tcp $HOME_NET any -> [85.119.150.159] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.119.150.159/; sid:900621639; rev:1;) alert tcp $HOME_NET any -> [89.32.41.122] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.32.41.122/; sid:900621636; rev:1;) alert tcp $HOME_NET any -> [37.44.215.107] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.107/; sid:900621592; rev:1;) alert tcp $HOME_NET any -> [185.82.200.7] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.82.200.7/; sid:900621594; rev:1;) alert tcp $HOME_NET any -> [37.44.212.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.86/; sid:900621589; rev:1;) alert tcp $HOME_NET any -> [185.86.151.115] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.115/; sid:900621587; rev:1;) alert tcp $HOME_NET any -> [37.44.212.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.196/; sid:900621588; rev:1;) alert tcp $HOME_NET any -> [37.44.212.203] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.203/; sid:900621586; rev:1;) alert tcp $HOME_NET any -> [31.184.255.100] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.184.255.100/; sid:900621580; rev:1;) alert tcp $HOME_NET any -> [85.204.116.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.41/; sid:900621585; rev:1;) alert tcp $HOME_NET any -> [139.60.163.38] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.38/; sid:900621579; rev:1;) alert tcp $HOME_NET any -> [131.196.184.141] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/131.196.184.141/; sid:900622025; rev:1;) alert tcp $HOME_NET any -> [195.123.233.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.233.99/; sid:900621581; rev:1;) alert tcp $HOME_NET any -> [185.172.129.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.147/; sid:900621584; rev:1;) alert tcp $HOME_NET any -> [164.132.216.63] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.63/; sid:900621577; rev:1;) alert tcp $HOME_NET any -> [185.117.73.76] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.73.76/; sid:900621576; rev:1;) alert tcp $HOME_NET any -> [191.101.251.141] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.101.251.141/; sid:900621583; rev:1;) alert tcp $HOME_NET any -> [185.135.81.147] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.135.81.147/; sid:900621582; rev:1;) alert tcp $HOME_NET any -> [85.204.116.45] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.45/; sid:900621575; rev:1;) alert tcp $HOME_NET any -> [85.204.116.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.94/; sid:900621573; rev:1;) alert tcp $HOME_NET any -> [51.75.58.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.75.58.173/; sid:900621567; rev:1;) alert tcp $HOME_NET any -> [107.181.175.69] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.69/; sid:900621569; rev:1;) alert tcp $HOME_NET any -> [85.204.116.95] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.95/; sid:900621574; rev:1;) alert tcp $HOME_NET any -> [194.87.103.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.103.190/; sid:900621572; rev:1;) alert tcp $HOME_NET any -> [185.244.219.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.219.46/; sid:900621570; rev:1;) alert tcp $HOME_NET any -> [185.66.14.248] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.14.248/; sid:900621566; rev:1;) alert tcp $HOME_NET any -> [195.123.246.177] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.177/; sid:900621564; rev:1;) alert tcp $HOME_NET any -> [185.66.15.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.66.15.10/; sid:900621565; rev:1;) alert tcp $HOME_NET any -> [176.119.158.184] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.119.158.184/; sid:900621563; rev:1;) alert tcp $HOME_NET any -> [109.234.35.127] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.35.127/; sid:900621562; rev:1;) alert tcp $HOME_NET any -> [213.226.68.117] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.68.117/; sid:900621560; rev:1;) alert tcp $HOME_NET any -> [195.123.237.186] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.186/; sid:900621561; rev:1;) alert tcp $HOME_NET any -> [185.175.156.13] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.175.156.13/; sid:900621578; rev:1;) alert tcp $HOME_NET any -> [91.235.129.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.167/; sid:900621558; rev:1;) alert tcp $HOME_NET any -> [5.188.168.61] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.61/; sid:900621557; rev:1;) alert tcp $HOME_NET any -> [185.224.134.124] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.224.134.124/; sid:900621556; rev:1;) alert tcp $HOME_NET any -> [185.251.38.244] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.244/; sid:900621555; rev:1;) alert tcp $HOME_NET any -> [82.202.221.160] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.221.160/; sid:900621554; rev:1;) alert tcp $HOME_NET any -> [85.143.219.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.219.53/; sid:900621553; rev:1;) alert tcp $HOME_NET any -> [107.181.175.44] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.44/; sid:900621551; rev:1;) alert tcp $HOME_NET any -> [5.189.224.172] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.189.224.172/; sid:900621550; rev:1;) alert tcp $HOME_NET any -> [142.44.157.144] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.44.157.144/; sid:900621549; rev:1;) alert tcp $HOME_NET any -> [146.185.219.31] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.185.219.31/; sid:900621547; rev:1;) alert tcp $HOME_NET any -> [37.18.30.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.179/; sid:900621546; rev:1;) alert tcp $HOME_NET any -> [195.123.240.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.126/; sid:900621548; rev:1;) alert tcp $HOME_NET any -> [212.22.77.5] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.77.5/; sid:900621559; rev:1;) alert tcp $HOME_NET any -> [5.188.41.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.41.101/; sid:900621552; rev:1;) alert tcp $HOME_NET any -> [95.181.179.96] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.181.179.96/; sid:900621539; rev:1;) alert tcp $HOME_NET any -> [195.123.240.148] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.148/; sid:900621540; rev:1;) alert tcp $HOME_NET any -> [93.95.97.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.95.97.209/; sid:900621544; rev:1;) alert tcp $HOME_NET any -> [91.240.84.166] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.240.84.166/; sid:900621545; rev:1;) alert tcp $HOME_NET any -> [188.68.210.159] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.210.159/; sid:900621542; rev:1;) alert tcp $HOME_NET any -> [95.46.8.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.46.8.206/; sid:900621543; rev:1;) alert tcp $HOME_NET any -> [213.226.71.157] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.226.71.157/; sid:900621541; rev:1;) alert tcp $HOME_NET any -> [45.8.229.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.8.229.101/; sid:900621538; rev:1;) alert tcp $HOME_NET any -> [162.244.32.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.139/; sid:900621537; rev:1;) alert tcp $HOME_NET any -> [78.155.206.28] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.28/; sid:900621535; rev:1;) alert tcp $HOME_NET any -> [66.70.218.60] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.70.218.60/; sid:900621536; rev:1;) alert tcp $HOME_NET any -> [185.86.151.123] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.151.123/; sid:900621534; rev:1;) alert tcp $HOME_NET any -> [37.44.215.80] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.80/; sid:900621533; rev:1;) alert tcp $HOME_NET any -> [144.217.50.240] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.240/; sid:900621530; rev:1;) alert tcp $HOME_NET any -> [185.255.79.167] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.167/; sid:900621529; rev:1;) alert tcp $HOME_NET any -> [144.217.50.241] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.241/; sid:900621528; rev:1;) alert tcp $HOME_NET any -> [190.13.160.19] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.160.19/; sid:900621995; rev:1;) alert tcp $HOME_NET any -> [190.152.4.210] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.152.4.210/; sid:900622013; rev:1;) alert tcp $HOME_NET any -> [85.204.116.215] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.215/; sid:900621526; rev:1;) alert tcp $HOME_NET any -> [144.217.50.243] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.217.50.243/; sid:900621527; rev:1;) alert tcp $HOME_NET any -> [195.123.246.67] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.246.67/; sid:900621531; rev:1;) alert tcp $HOME_NET any -> [107.173.104.136] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.104.136/; sid:900621532; rev:1;) alert tcp $HOME_NET any -> [107.173.57.251] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.251/; sid:900621525; rev:1;) alert tcp $HOME_NET any -> [37.18.30.80] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.80/; sid:900621520; rev:1;) alert tcp $HOME_NET any -> [54.38.127.26] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.26/; sid:900621519; rev:1;) alert tcp $HOME_NET any -> [5.188.168.36] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.36/; sid:900621518; rev:1;) alert tcp $HOME_NET any -> [85.143.217.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.217.57/; sid:900621517; rev:1;) alert tcp $HOME_NET any -> [85.204.116.217] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.217/; sid:900621522; rev:1;) alert tcp $HOME_NET any -> [185.61.148.53] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.53/; sid:900621521; rev:1;) alert tcp $HOME_NET any -> [94.250.254.247] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.254.247/; sid:900621513; rev:1;) alert tcp $HOME_NET any -> [164.132.216.50] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.50/; sid:900621512; rev:1;) alert tcp $HOME_NET any -> [109.94.110.137] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.94.110.137/; sid:900621514; rev:1;) alert tcp $HOME_NET any -> [194.36.189.243] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.243/; sid:900621516; rev:1;) alert tcp $HOME_NET any -> [46.105.33.163] 446 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.105.33.163/; sid:900621515; rev:1;) alert tcp $HOME_NET any -> [170.238.117.187] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/170.238.117.187/; sid:900621980; rev:1;) alert tcp $HOME_NET any -> [79.137.119.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.137.119.212/; sid:900621523; rev:1;) alert tcp $HOME_NET any -> [185.161.211.185] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.161.211.185/; sid:900621524; rev:1;) alert tcp $HOME_NET any -> [37.230.116.113] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.230.116.113/; sid:900621511; rev:1;) alert tcp $HOME_NET any -> [82.202.194.179] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.202.194.179/; sid:900621510; rev:1;) alert tcp $HOME_NET any -> [85.204.116.172] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.172/; sid:900621508; rev:1;) alert tcp $HOME_NET any -> [94.140.116.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.140.116.225/; sid:900621509; rev:1;) alert tcp $HOME_NET any -> [109.234.37.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.234.37.139/; sid:900621506; rev:1;) alert tcp $HOME_NET any -> [54.38.127.27] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.27/; sid:900621507; rev:1;) alert tcp $HOME_NET any -> [185.255.79.58] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.58/; sid:900621505; rev:1;) alert tcp $HOME_NET any -> [85.204.116.101] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.101/; sid:900621503; rev:1;) alert tcp $HOME_NET any -> [91.235.129.88] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.88/; sid:900621504; rev:1;) alert tcp $HOME_NET any -> [5.188.168.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.168.29/; sid:900621502; rev:1;) alert tcp $HOME_NET any -> [176.113.80.103] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.113.80.103/; sid:900621500; rev:1;) alert tcp $HOME_NET any -> [195.123.245.101] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.101/; sid:900621499; rev:1;) alert tcp $HOME_NET any -> [217.107.34.29] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.107.34.29/; sid:900621495; rev:1;) alert tcp $HOME_NET any -> [188.68.209.25] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.209.25/; sid:900621496; rev:1;) alert tcp $HOME_NET any -> [82.118.21.226] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.226/; sid:900621498; rev:1;) alert tcp $HOME_NET any -> [82.118.21.209] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.209/; sid:900621497; rev:1;) alert tcp $HOME_NET any -> [85.204.116.170] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.204.116.170/; sid:900621501; rev:1;) alert tcp $HOME_NET any -> [79.141.166.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.141.166.54/; sid:900621494; rev:1;) alert tcp $HOME_NET any -> [138.185.247.169] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.185.247.169/; sid:900621969; rev:1;) alert tcp $HOME_NET any -> [185.251.38.22] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.22/; sid:900621493; rev:1;) alert tcp $HOME_NET any -> [85.143.222.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.222.236/; sid:900621492; rev:1;) alert tcp $HOME_NET any -> [37.44.215.190] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.190/; sid:900621488; rev:1;) alert tcp $HOME_NET any -> [92.38.135.83] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.83/; sid:900621489; rev:1;) alert tcp $HOME_NET any -> [195.161.62.90] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.161.62.90/; sid:900621487; rev:1;) alert tcp $HOME_NET any -> [77.244.219.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.244.219.57/; sid:900621485; rev:1;) alert tcp $HOME_NET any -> [179.43.147.84] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.43.147.84/; sid:900621484; rev:1;) alert tcp $HOME_NET any -> [51.77.2.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.77.2.193/; sid:900621483; rev:1;) alert tcp $HOME_NET any -> [93.170.123.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/93.170.123.234/; sid:900621481; rev:1;) alert tcp $HOME_NET any -> [37.44.215.191] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.191/; sid:900621486; rev:1;) alert tcp $HOME_NET any -> [198.8.91.37] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/198.8.91.37/; sid:900621482; rev:1;) alert tcp $HOME_NET any -> [186.47.87.22] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.47.87.22/; sid:900621975; rev:1;) alert tcp $HOME_NET any -> [190.119.180.226] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.119.180.226/; sid:900621976; rev:1;) alert tcp $HOME_NET any -> [185.142.99.19] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.19/; sid:900621471; rev:1;) alert tcp $HOME_NET any -> [193.37.214.153] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.37.214.153/; sid:900621472; rev:1;) alert tcp $HOME_NET any -> [185.206.146.54] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.206.146.54/; sid:900621470; rev:1;) alert tcp $HOME_NET any -> [104.193.252.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.193.252.212/; sid:900621469; rev:1;) alert tcp $HOME_NET any -> [185.172.129.120] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.172.129.120/; sid:900621476; rev:1;) alert tcp $HOME_NET any -> [46.21.248.45] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.248.45/; sid:900621477; rev:1;) alert tcp $HOME_NET any -> [185.180.198.239] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.239/; sid:900621474; rev:1;) alert tcp $HOME_NET any -> [164.132.216.54] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.54/; sid:900621473; rev:1;) alert tcp $HOME_NET any -> [185.180.198.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.180.198.181/; sid:900621475; rev:1;) alert tcp $HOME_NET any -> [139.60.163.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.60.163.51/; sid:900621468; rev:1;) alert tcp $HOME_NET any -> [146.196.122.167] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/146.196.122.167/; sid:900622015; rev:1;) alert tcp $HOME_NET any -> [185.117.72.140] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.72.140/; sid:900621478; rev:1;) alert tcp $HOME_NET any -> [37.44.212.99] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.99/; sid:900621479; rev:1;) alert tcp $HOME_NET any -> [185.203.117.225] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.203.117.225/; sid:900621466; rev:1;) alert tcp $HOME_NET any -> [176.113.80.14] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.113.80.14/; sid:900621464; rev:1;) alert tcp $HOME_NET any -> [91.92.128.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.128.178/; sid:900621465; rev:1;) alert tcp $HOME_NET any -> [37.44.215.42] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.42/; sid:900621467; rev:1;) alert tcp $HOME_NET any -> [194.36.189.217] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.36.189.217/; sid:900621458; rev:1;) alert tcp $HOME_NET any -> [37.44.215.41] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.41/; sid:900621459; rev:1;) alert tcp $HOME_NET any -> [192.3.247.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.247.133/; sid:900621462; rev:1;) alert tcp $HOME_NET any -> [185.251.38.129] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.38.129/; sid:900621463; rev:1;) alert tcp $HOME_NET any -> [37.44.215.255] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.255/; sid:900621456; rev:1;) alert tcp $HOME_NET any -> [92.38.135.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.109/; sid:900621457; rev:1;) alert tcp $HOME_NET any -> [51.254.160.193] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.254.160.193/; sid:900621568; rev:1;) alert tcp $HOME_NET any -> [94.156.35.32] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.156.35.32/; sid:900621461; rev:1;) alert tcp $HOME_NET any -> [186.83.133.253] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.83.133.253/; sid:900622121; rev:1;) alert tcp $HOME_NET any -> [190.19.42.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.19.42.131/; sid:900622122; rev:1;) alert tcp $HOME_NET any -> [107.173.57.182] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.182/; sid:900621460; rev:1;) alert tcp $HOME_NET any -> [192.3.83.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.3.83.173/; sid:900621452; rev:1;) alert tcp $HOME_NET any -> [46.30.41.241] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.30.41.241/; sid:900621451; rev:1;) alert tcp $HOME_NET any -> [213.120.104.180] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.120.104.180/; sid:900622115; rev:1;) alert tcp $HOME_NET any -> [5.77.13.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.77.13.70/; sid:900622124; rev:1;) alert tcp $HOME_NET any -> [201.231.74.241] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.74.241/; sid:900621970; rev:1;) alert tcp $HOME_NET any -> [149.202.225.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.202.225.162/; sid:900621454; rev:1;) alert tcp $HOME_NET any -> [212.71.234.16] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.71.234.16/; sid:900622719; rev:1;) alert tcp $HOME_NET any -> [185.244.149.92] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.92/; sid:900621453; rev:1;) alert tcp $HOME_NET any -> [185.255.79.22] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.255.79.22/; sid:900621449; rev:1;) alert tcp $HOME_NET any -> [107.173.57.163] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.57.163/; sid:900621450; rev:1;) alert tcp $HOME_NET any -> [104.216.111.236] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.216.111.236/; sid:900621448; rev:1;) alert tcp $HOME_NET any -> [107.181.175.93] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.93/; sid:900621447; rev:1;) alert tcp $HOME_NET any -> [89.223.94.15] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.94.15/; sid:900621446; rev:1;) alert tcp $HOME_NET any -> [46.161.54.232] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.161.54.232/; sid:900621441; rev:1;) alert tcp $HOME_NET any -> [94.23.172.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.172.196/; sid:900621440; rev:1;) alert tcp $HOME_NET any -> [138.68.106.4] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.106.4/; sid:900623390; rev:1;) alert tcp $HOME_NET any -> [187.58.56.26] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.58.56.26/; sid:900622019; rev:1;) alert tcp $HOME_NET any -> [195.123.245.135] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.245.135/; sid:900621443; rev:1;) alert tcp $HOME_NET any -> [5.188.108.14] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.14/; sid:900621439; rev:1;) alert tcp $HOME_NET any -> [86.6.188.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.6.188.121/; sid:900622549; rev:1;) alert tcp $HOME_NET any -> [190.55.39.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.55.39.215/; sid:900622560; rev:1;) alert tcp $HOME_NET any -> [46.161.39.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.161.39.207/; sid:900621442; rev:1;) alert tcp $HOME_NET any -> [81.213.215.216] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.215.216/; sid:900622635; rev:1;) alert tcp $HOME_NET any -> [176.31.213.238] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.31.213.238/; sid:900621444; rev:1;) alert tcp $HOME_NET any -> [95.213.203.181] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.213.203.181/; sid:900621445; rev:1;) alert tcp $HOME_NET any -> [181.129.49.98] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.49.98/; sid:900622029; rev:1;) alert tcp $HOME_NET any -> [185.244.149.206] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.149.206/; sid:900621434; rev:1;) alert tcp $HOME_NET any -> [191.37.181.152] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.37.181.152/; sid:900621997; rev:1;) alert tcp $HOME_NET any -> [94.23.174.183] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.23.174.183/; sid:900621435; rev:1;) alert tcp $HOME_NET any -> [185.61.149.38] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.38/; sid:900621436; rev:1;) alert tcp $HOME_NET any -> [94.103.94.154] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.154/; sid:900621430; rev:1;) alert tcp $HOME_NET any -> [176.223.133.178] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.223.133.178/; sid:900621429; rev:1;) alert tcp $HOME_NET any -> [213.32.46.142] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.32.46.142/; sid:900621426; rev:1;) alert tcp $HOME_NET any -> [91.83.93.103] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.103/; sid:900622113; rev:1;) alert tcp $HOME_NET any -> [31.12.67.62] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.12.67.62/; sid:900622110; rev:1;) alert tcp $HOME_NET any -> [190.230.60.129] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.60.129/; sid:900622147; rev:1;) alert tcp $HOME_NET any -> [128.199.78.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.199.78.227/; sid:900622117; rev:1;) alert tcp $HOME_NET any -> [181.36.42.205] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.36.42.205/; sid:900622173; rev:1;) alert tcp $HOME_NET any -> [185.117.119.86] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.117.119.86/; sid:900621427; rev:1;) alert tcp $HOME_NET any -> [179.32.19.219] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.32.19.219/; sid:900622229; rev:1;) alert tcp $HOME_NET any -> [177.103.240.149] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.103.240.149/; sid:900622008; rev:1;) alert tcp $HOME_NET any -> [189.80.134.122] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.80.134.122/; sid:900622004; rev:1;) alert tcp $HOME_NET any -> [103.117.232.198] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.117.232.198/; sid:900622010; rev:1;) alert tcp $HOME_NET any -> [176.53.21.234] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.53.21.234/; sid:900621432; rev:1;) alert tcp $HOME_NET any -> [78.155.206.190] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.206.190/; sid:900621433; rev:1;) alert tcp $HOME_NET any -> [188.68.208.165] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.68.208.165/; sid:900621428; rev:1;) alert tcp $HOME_NET any -> [81.177.136.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.5/; sid:900621422; rev:1;) alert tcp $HOME_NET any -> [104.131.208.175] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.208.175/; sid:900622107; rev:1;) alert tcp $HOME_NET any -> [199.19.237.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.19.237.192/; sid:900622331; rev:1;) alert tcp $HOME_NET any -> [190.1.37.125] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.1.37.125/; sid:900622118; rev:1;) alert tcp $HOME_NET any -> [86.42.166.147] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.166.147/; sid:900622148; rev:1;) alert tcp $HOME_NET any -> [142.93.88.16] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.93.88.16/; sid:900622108; rev:1;) alert tcp $HOME_NET any -> [200.123.101.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.101.90/; sid:900622679; rev:1;) alert tcp $HOME_NET any -> [162.144.119.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.144.119.216/; sid:900622109; rev:1;) alert tcp $HOME_NET any -> [194.99.20.44] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.99.20.44/; sid:900621406; rev:1;) alert tcp $HOME_NET any -> [23.95.132.246] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.132.246/; sid:900621405; rev:1;) alert tcp $HOME_NET any -> [87.106.136.232] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.136.232/; sid:900991688; rev:1;) alert tcp $HOME_NET any -> [186.81.160.22] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.81.160.22/; sid:900621410; rev:1;) alert tcp $HOME_NET any -> [60.48.253.12] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.48.253.12/; sid:900621404; rev:1;) alert tcp $HOME_NET any -> [104.236.99.225] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.99.225/; sid:900621402; rev:1;) alert tcp $HOME_NET any -> [201.97.95.50] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.95.50/; sid:900621403; rev:1;) alert tcp $HOME_NET any -> [5.67.205.99] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.67.205.99/; sid:900621431; rev:1;) alert tcp $HOME_NET any -> [194.87.102.92] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.102.92/; sid:900621401; rev:1;) alert tcp $HOME_NET any -> [190.246.166.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.246.166.217/; sid:900621411; rev:1;) alert tcp $HOME_NET any -> [181.141.87.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.141.87.122/; sid:900621409; rev:1;) alert tcp $HOME_NET any -> [201.212.24.6] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.24.6/; sid:900990301; rev:1;) alert tcp $HOME_NET any -> [181.198.67.178] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.67.178/; sid:900990295; rev:1;) alert tcp $HOME_NET any -> [46.21.105.59] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.21.105.59/; sid:900990294; rev:1;) alert tcp $HOME_NET any -> [70.44.163.160] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.44.163.160/; sid:900990288; rev:1;) alert tcp $HOME_NET any -> [181.15.180.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.180.140/; sid:900990287; rev:1;) alert tcp $HOME_NET any -> [174.96.5.251] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.96.5.251/; sid:900990168; rev:1;) alert tcp $HOME_NET any -> [185.202.174.13] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.202.174.13/; sid:900621396; rev:1;) alert tcp $HOME_NET any -> [164.132.138.136] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.136/; sid:900621395; rev:1;) alert tcp $HOME_NET any -> [164.132.138.142] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.142/; sid:900621437; rev:1;) alert tcp $HOME_NET any -> [85.143.223.209] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.143.223.209/; sid:900621408; rev:1;) alert tcp $HOME_NET any -> [185.61.148.198] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.148.198/; sid:900621407; rev:1;) alert tcp $HOME_NET any -> [185.244.131.186] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.244.131.186/; sid:900621414; rev:1;) alert tcp $HOME_NET any -> [80.86.92.114] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.86.92.114/; sid:900621400; rev:1;) alert tcp $HOME_NET any -> [178.63.50.54] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.63.50.54/; sid:900621398; rev:1;) alert tcp $HOME_NET any -> [212.80.216.235] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.235/; sid:900621392; rev:1;) alert tcp $HOME_NET any -> [159.65.241.220] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.241.220/; sid:900621399; rev:1;) alert tcp $HOME_NET any -> [5.39.119.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.39.119.173/; sid:900621390; rev:1;) alert tcp $HOME_NET any -> [104.131.11.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.131.11.150/; sid:900621397; rev:1;) alert tcp $HOME_NET any -> [181.129.140.140] 449 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.140.140/; sid:900622022; rev:1;) alert tcp $HOME_NET any -> [185.147.14.233] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.147.14.233/; sid:900621388; rev:1;) alert tcp $HOME_NET any -> [79.143.182.254] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.143.182.254/; sid:900987191; rev:1;) alert tcp $HOME_NET any -> [62.75.141.51] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.141.51/; sid:900621385; rev:1;) alert tcp $HOME_NET any -> [62.192.227.125] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.192.227.125/; sid:900987182; rev:1;) alert tcp $HOME_NET any -> [190.252.229.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.252.229.53/; sid:900987179; rev:1;) alert tcp $HOME_NET any -> [82.71.157.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.71.157.57/; sid:900621386; rev:1;) alert tcp $HOME_NET any -> [87.246.58.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.246.58.59/; sid:900621423; rev:1;) alert tcp $HOME_NET any -> [94.103.94.87] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.87/; sid:900621382; rev:1;) alert tcp $HOME_NET any -> [82.118.21.35] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.118.21.35/; sid:900621381; rev:1;) alert tcp $HOME_NET any -> [71.43.69.2] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.69.2/; sid:900621424; rev:1;) alert tcp $HOME_NET any -> [105.228.3.127] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.3.127/; sid:900621378; rev:1;) alert tcp $HOME_NET any -> [23.95.95.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.95.95.18/; sid:900621379; rev:1;) alert tcp $HOME_NET any -> [5.188.108.30] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.30/; sid:900621380; rev:1;) alert tcp $HOME_NET any -> [185.252.144.25] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.252.144.25/; sid:900621383; rev:1;) alert tcp $HOME_NET any -> [164.132.216.57] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.216.57/; sid:900621377; rev:1;) alert tcp $HOME_NET any -> [78.155.199.57] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.199.57/; sid:900621384; rev:1;) alert tcp $HOME_NET any -> [37.18.30.51] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.18.30.51/; sid:900621389; rev:1;) alert tcp $HOME_NET any -> [185.61.149.169] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.61.149.169/; sid:900621375; rev:1;) alert tcp $HOME_NET any -> [134.209.14.155] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.209.14.155/; sid:900621373; rev:1;) alert tcp $HOME_NET any -> [74.207.227.96] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.207.227.96/; sid:900621374; rev:1;) alert tcp $HOME_NET any -> [107.173.104.139] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.173.104.139/; sid:900621369; rev:1;) alert tcp $HOME_NET any -> [94.103.94.49] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.103.94.49/; sid:900621366; rev:1;) alert tcp $HOME_NET any -> [195.123.237.9] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.237.9/; sid:900621368; rev:1;) alert tcp $HOME_NET any -> [162.244.32.212] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.244.32.212/; sid:900621367; rev:1;) alert tcp $HOME_NET any -> [37.220.0.62] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.220.0.62/; sid:900621365; rev:1;) alert tcp $HOME_NET any -> [37.44.215.151] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.151/; sid:900621364; rev:1;) alert tcp $HOME_NET any -> [152.89.245.196] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.89.245.196/; sid:900621371; rev:1;) alert tcp $HOME_NET any -> [37.44.215.207] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.207/; sid:900621372; rev:1;) alert tcp $HOME_NET any -> [89.223.91.12] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.91.12/; sid:900621393; rev:1;) alert tcp $HOME_NET any -> [5.206.225.10] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.206.225.10/; sid:900621419; rev:1;) alert tcp $HOME_NET any -> [185.251.39.162] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.251.39.162/; sid:900621418; rev:1;) alert tcp $HOME_NET any -> [92.38.135.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.212/; sid:900621370; rev:1;) alert tcp $HOME_NET any -> [185.86.149.40] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.86.149.40/; sid:900621376; rev:1;) alert tcp $HOME_NET any -> [76.86.20.103] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.86.20.103/; sid:900621412; rev:1;) alert tcp $HOME_NET any -> [107.181.175.122] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.181.175.122/; sid:900621391; rev:1;) alert tcp $HOME_NET any -> [186.42.186.202] 449 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.42.186.202/; sid:900622024; rev:1;) alert tcp $HOME_NET any -> [89.223.30.84] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.223.30.84/; sid:900621363; rev:1;) alert tcp $HOME_NET any -> [81.177.136.16] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.177.136.16/; sid:900621425; rev:1;) alert tcp $HOME_NET any -> [181.31.49.178] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.49.178/; sid:900621343; rev:1;) alert tcp $HOME_NET any -> [200.80.198.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.80.198.34/; sid:900621345; rev:1;) alert tcp $HOME_NET any -> [181.211.130.109] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.211.130.109/; sid:900621347; rev:1;) alert tcp $HOME_NET any -> [186.71.75.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.75.2/; sid:900621344; rev:1;) alert tcp $HOME_NET any -> [86.155.233.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.155.233.74/; sid:900621349; rev:1;) alert tcp $HOME_NET any -> [81.143.213.156] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.143.213.156/; sid:900621348; rev:1;) alert tcp $HOME_NET any -> [37.44.215.133] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.215.133/; sid:900621362; rev:1;) alert tcp $HOME_NET any -> [181.175.142.212] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.175.142.212/; sid:900621339; rev:1;) alert tcp $HOME_NET any -> [159.192.229.157] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.192.229.157/; sid:900621338; rev:1;) alert tcp $HOME_NET any -> [45.55.201.204] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.55.201.204/; sid:900621341; rev:1;) alert tcp $HOME_NET any -> [189.154.42.168] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.42.168/; sid:900621340; rev:1;) alert tcp $HOME_NET any -> [69.251.12.43] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.251.12.43/; sid:900621342; rev:1;) alert tcp $HOME_NET any -> [80.0.106.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.0.106.83/; sid:900621346; rev:1;) alert tcp $HOME_NET any -> [194.32.79.218] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.32.79.218/; sid:900621361; rev:1;) alert tcp $HOME_NET any -> [92.38.135.205] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.38.135.205/; sid:900621413; rev:1;) alert tcp $HOME_NET any -> [195.54.163.5] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.54.163.5/; sid:900621359; rev:1;) alert tcp $HOME_NET any -> [95.213.191.109] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.213.191.109/; sid:900621357; rev:1;) alert tcp $HOME_NET any -> [89.134.144.41] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.134.144.41/; sid:900621336; rev:1;) alert tcp $HOME_NET any -> [187.190.237.104] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.190.237.104/; sid:900621330; rev:1;) alert tcp $HOME_NET any -> [190.123.35.82] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.123.35.82/; sid:900621331; rev:1;) alert tcp $HOME_NET any -> [216.154.222.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.154.222.52/; sid:900621332; rev:1;) alert tcp $HOME_NET any -> [81.213.182.115] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.213.182.115/; sid:900621333; rev:1;) alert tcp $HOME_NET any -> [134.101.222.153] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.101.222.153/; sid:900982892; rev:1;) alert tcp $HOME_NET any -> [181.164.227.212] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.164.227.212/; sid:900621329; rev:1;) alert tcp $HOME_NET any -> [103.251.176.34] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.251.176.34/; sid:900621326; rev:1;) alert tcp $HOME_NET any -> [186.50.124.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.50.124.246/; sid:900621327; rev:1;) alert tcp $HOME_NET any -> [73.189.66.63] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.189.66.63/; sid:900621328; rev:1;) alert tcp $HOME_NET any -> [37.228.119.247] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.228.119.247/; sid:900621358; rev:1;) alert tcp $HOME_NET any -> [217.113.27.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.113.27.158/; sid:900621334; rev:1;) alert tcp $HOME_NET any -> [219.74.237.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/219.74.237.49/; sid:900621350; rev:1;) alert tcp $HOME_NET any -> [5.188.108.22] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.188.108.22/; sid:900621356; rev:1;) alert tcp $HOME_NET any -> [187.178.9.19] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.178.9.19/; sid:900621324; rev:1;) alert tcp $HOME_NET any -> [45.73.124.235] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.73.124.235/; sid:900621325; rev:1;) alert tcp $HOME_NET any -> [163.18.23.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/163.18.23.242/; sid:900980573; rev:1;) alert tcp $HOME_NET any -> [189.143.52.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.143.52.49/; sid:900980555; rev:1;) alert tcp $HOME_NET any -> [71.244.60.230] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.244.60.230/; sid:901005105; rev:1;) alert tcp $HOME_NET any -> [138.68.13.161] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.68.13.161/; sid:900621321; rev:1;) alert tcp $HOME_NET any -> [207.44.45.27] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.44.45.27/; sid:900980430; rev:1;) alert tcp $HOME_NET any -> [90.57.69.215] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.57.69.215/; sid:900980426; rev:1;) alert tcp $HOME_NET any -> [31.179.135.186] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.179.135.186/; sid:900621335; rev:1;) alert tcp $HOME_NET any -> [51.38.101.194] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/51.38.101.194/; sid:900621490; rev:1;) alert tcp $HOME_NET any -> [81.183.213.36] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.183.213.36/; sid:900621318; rev:1;) alert tcp $HOME_NET any -> [181.143.101.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.143.101.18/; sid:900621310; rev:1;) alert tcp $HOME_NET any -> [185.129.93.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.129.93.140/; sid:900621317; rev:1;) alert tcp $HOME_NET any -> [205.186.154.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.186.154.130/; sid:900979322; rev:1;) alert tcp $HOME_NET any -> [190.13.211.174] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.13.211.174/; sid:900621312; rev:1;) alert tcp $HOME_NET any -> [41.184.246.205] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.184.246.205/; sid:900979246; rev:1;) alert tcp $HOME_NET any -> [94.59.49.76] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.59.49.76/; sid:900979245; rev:1;) alert tcp $HOME_NET any -> [105.247.109.117] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.247.109.117/; sid:900621319; rev:1;) alert tcp $HOME_NET any -> [134.196.53.52] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/134.196.53.52/; sid:900621307; rev:1;) alert tcp $HOME_NET any -> [195.123.240.58] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.123.240.58/; sid:900621360; rev:1;) alert tcp $HOME_NET any -> [191.97.116.232] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.97.116.232/; sid:900621315; rev:1;) alert tcp $HOME_NET any -> [217.92.171.167] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.92.171.167/; sid:900621313; rev:1;) alert tcp $HOME_NET any -> [186.121.223.131] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.121.223.131/; sid:900621311; rev:1;) alert tcp $HOME_NET any -> [187.242.204.142] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.242.204.142/; sid:900621316; rev:1;) alert tcp $HOME_NET any -> [201.238.152.20] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.152.20/; sid:900621304; rev:1;) alert tcp $HOME_NET any -> [46.100.165.6] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.100.165.6/; sid:900977243; rev:1;) alert tcp $HOME_NET any -> [169.239.182.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/169.239.182.217/; sid:900977242; rev:1;) alert tcp $HOME_NET any -> [88.198.62.227] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.198.62.227/; sid:900621302; rev:1;) alert tcp $HOME_NET any -> [186.31.189.232] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.31.189.232/; sid:900621300; rev:1;) alert tcp $HOME_NET any -> [86.97.246.229] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.97.246.229/; sid:900621301; rev:1;) alert tcp $HOME_NET any -> [190.72.136.214] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.72.136.214/; sid:900621308; rev:1;) alert tcp $HOME_NET any -> [183.82.100.135] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.100.135/; sid:900621298; rev:1;) alert tcp $HOME_NET any -> [182.176.132.213] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.132.213/; sid:900621297; rev:1;) alert tcp $HOME_NET any -> [211.252.7.11] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.252.7.11/; sid:900974780; rev:1;) alert tcp $HOME_NET any -> [186.56.192.241] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.56.192.241/; sid:900974768; rev:1;) alert tcp $HOME_NET any -> [187.192.147.246] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.147.246/; sid:900974766; rev:1;) alert tcp $HOME_NET any -> [201.199.89.223] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.199.89.223/; sid:900621306; rev:1;) alert tcp $HOME_NET any -> [81.3.6.78] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.3.6.78/; sid:900972555; rev:1;) alert tcp $HOME_NET any -> [200.59.189.217] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.59.189.217/; sid:900972542; rev:1;) alert tcp $HOME_NET any -> [186.150.97.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.150.97.69/; sid:900972527; rev:1;) alert tcp $HOME_NET any -> [136.243.177.26] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.177.26/; sid:900972512; rev:1;) alert tcp $HOME_NET any -> [222.214.218.136] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.214.218.136/; sid:900621286; rev:1;) alert tcp $HOME_NET any -> [190.53.135.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.53.135.159/; sid:900621282; rev:1;) alert tcp $HOME_NET any -> [177.246.193.139] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.246.193.139/; sid:900621280; rev:1;) alert tcp $HOME_NET any -> [201.97.131.88] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.131.88/; sid:900621284; rev:1;) alert tcp $HOME_NET any -> [88.21.212.13] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.21.212.13/; sid:900621291; rev:1;) alert tcp $HOME_NET any -> [68.52.43.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.52.43.253/; sid:900621290; rev:1;) alert tcp $HOME_NET any -> [38.143.223.215] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.143.223.215/; sid:900621287; rev:1;) alert tcp $HOME_NET any -> [181.110.239.26] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.110.239.26/; sid:900621303; rev:1;) alert tcp $HOME_NET any -> [181.39.134.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.134.122/; sid:900621281; rev:1;) alert tcp $HOME_NET any -> [181.16.127.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.16.127.226/; sid:900621293; rev:1;) alert tcp $HOME_NET any -> [94.14.58.32] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.14.58.32/; sid:900970717; rev:1;) alert tcp $HOME_NET any -> [201.217.67.3] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.217.67.3/; sid:900621283; rev:1;) alert tcp $HOME_NET any -> [62.75.146.221] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.146.221/; sid:900621288; rev:1;) alert tcp $HOME_NET any -> [148.244.114.49] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/148.244.114.49/; sid:900621279; rev:1;) alert tcp $HOME_NET any -> [206.212.248.178] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.212.248.178/; sid:900621285; rev:1;) alert tcp $HOME_NET any -> [181.15.243.22] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.243.22/; sid:900621320; rev:1;) alert tcp $HOME_NET any -> [83.110.195.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.195.120/; sid:900621292; rev:1;) alert tcp $HOME_NET any -> [37.59.1.74] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.59.1.74/; sid:900622123; rev:1;) alert tcp $HOME_NET any -> [91.83.93.124] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.83.93.124/; sid:900970548; rev:1;) alert tcp $HOME_NET any -> [105.224.171.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.171.102/; sid:900621276; rev:1;) alert tcp $HOME_NET any -> [203.25.159.3] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.25.159.3/; sid:900970540; rev:1;) alert tcp $HOME_NET any -> [200.127.0.8] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.127.0.8/; sid:900621277; rev:1;) alert tcp $HOME_NET any -> [218.161.88.253] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.161.88.253/; sid:900621278; rev:1;) alert tcp $HOME_NET any -> [78.155.207.144] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.155.207.144/; sid:900621420; rev:1;) alert tcp $HOME_NET any -> [177.242.202.30] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.202.30/; sid:900621272; rev:1;) alert tcp $HOME_NET any -> [181.63.2.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.63.2.226/; sid:900967420; rev:1;) alert tcp $HOME_NET any -> [183.82.110.170] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.110.170/; sid:900621273; rev:1;) alert tcp $HOME_NET any -> [87.106.23.241] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.23.241/; sid:900621270; rev:1;) alert tcp $HOME_NET any -> [186.113.19.171] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.113.19.171/; sid:900967394; rev:1;) alert tcp $HOME_NET any -> [194.87.93.18] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.87.93.18/; sid:900621355; rev:1;) alert tcp $HOME_NET any -> [188.138.91.26] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.138.91.26/; sid:900621269; rev:1;) alert tcp $HOME_NET any -> [164.132.138.141] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.141/; sid:900621354; rev:1;) alert tcp $HOME_NET any -> [190.180.52.146] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.180.52.146/; sid:900621296; rev:1;) alert tcp $HOME_NET any -> [201.231.44.78] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.231.44.78/; sid:900621268; rev:1;) alert tcp $HOME_NET any -> [103.255.150.84] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.255.150.84/; sid:900961014; rev:1;) alert tcp $HOME_NET any -> [189.213.208.168] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.208.168/; sid:900621254; rev:1;) alert tcp $HOME_NET any -> [201.203.99.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.203.99.129/; sid:900621255; rev:1;) alert tcp $HOME_NET any -> [217.199.175.216] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.199.175.216/; sid:900621259; rev:1;) alert tcp $HOME_NET any -> [216.98.148.136] 4143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.136/; sid:900621256; rev:1;) alert tcp $HOME_NET any -> [111.67.12.221] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.67.12.221/; sid:900621253; rev:1;) alert tcp $HOME_NET any -> [159.65.22.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.65.22.223/; sid:900621261; rev:1;) alert tcp $HOME_NET any -> [185.198.57.70] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.198.57.70/; sid:900621805; rev:1;) alert tcp $HOME_NET any -> [186.159.1.217] 8082 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.159.1.217/; sid:900621977; rev:1;) alert tcp $HOME_NET any -> [189.183.234.170] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.183.234.170/; sid:900621262; rev:1;) alert tcp $HOME_NET any -> [24.139.205.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.139.205.186/; sid:900621263; rev:1;) alert tcp $HOME_NET any -> [200.45.57.96] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.45.57.96/; sid:900621265; rev:1;) alert tcp $HOME_NET any -> [200.58.171.51] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.58.171.51/; sid:900952586; rev:1;) alert tcp $HOME_NET any -> [84.241.10.111] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.241.10.111/; sid:900952489; rev:1;) alert tcp $HOME_NET any -> [119.155.153.14] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.155.153.14/; sid:900621251; rev:1;) alert tcp $HOME_NET any -> [189.134.78.42] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.134.78.42/; sid:900952461; rev:1;) alert tcp $HOME_NET any -> [37.211.38.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.211.38.50/; sid:900952458; rev:1;) alert tcp $HOME_NET any -> [115.132.227.247] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.132.227.247/; sid:900621258; rev:1;) alert tcp $HOME_NET any -> [190.85.206.228] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.206.228/; sid:900621248; rev:1;) alert tcp $HOME_NET any -> [159.69.211.211] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.69.211.211/; sid:900621252; rev:1;) alert tcp $HOME_NET any -> [222.104.222.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/222.104.222.145/; sid:900621250; rev:1;) alert tcp $HOME_NET any -> [189.196.140.187] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.196.140.187/; sid:900621247; rev:1;) alert tcp $HOME_NET any -> [192.227.232.63] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.227.232.63/; sid:900621353; rev:1;) alert tcp $HOME_NET any -> [185.243.115.149] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.243.115.149/; sid:900621394; rev:1;) alert tcp $HOME_NET any -> [178.152.78.149] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.152.78.149/; sid:900621245; rev:1;) alert tcp $HOME_NET any -> [75.177.169.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.177.169.225/; sid:900621260; rev:1;) alert tcp $HOME_NET any -> [217.199.175.217] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.199.175.217/; sid:900621249; rev:1;) alert tcp $HOME_NET any -> [164.132.138.134] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.134/; sid:900621352; rev:1;) alert tcp $HOME_NET any -> [78.188.7.213] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.188.7.213/; sid:900621241; rev:1;) alert tcp $HOME_NET any -> [117.196.47.110] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.196.47.110/; sid:900949734; rev:1;) alert tcp $HOME_NET any -> [176.63.173.71] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.63.173.71/; sid:900621243; rev:1;) alert tcp $HOME_NET any -> [186.85.38.31] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.85.38.31/; sid:900621242; rev:1;) alert tcp $HOME_NET any -> [182.188.47.206] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.188.47.206/; sid:900621244; rev:1;) alert tcp $HOME_NET any -> [69.45.19.252] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.45.19.252/; sid:900621240; rev:1;) alert tcp $HOME_NET any -> [185.183.97.173] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.183.97.173/; sid:900621480; rev:1;) alert tcp $HOME_NET any -> [85.132.96.242] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.132.96.242/; sid:900621257; rev:1;) alert tcp $HOME_NET any -> [181.199.151.19] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.199.151.19/; sid:900621246; rev:1;) alert tcp $HOME_NET any -> [122.254.81.113] 52087 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.254.81.113/; sid:900942602; rev:1;) alert tcp $HOME_NET any -> [199.159.9.41] 7465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.159.9.41/; sid:900942601; rev:1;) alert tcp $HOME_NET any -> [176.132.140.130] 21521 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.132.140.130/; sid:900942600; rev:1;) alert tcp $HOME_NET any -> [199.191.27.152] 11625 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.191.27.152/; sid:900942598; rev:1;) alert tcp $HOME_NET any -> [110.254.84.1] 16951 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.254.84.1/; sid:900942599; rev:1;) alert tcp $HOME_NET any -> [6.6.6.160] 21585 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.160/; sid:900942597; rev:1;) alert tcp $HOME_NET any -> [73.253.115.255] 24900 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.253.115.255/; sid:900942596; rev:1;) alert tcp $HOME_NET any -> [88.144.142.65] 31175 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.144.142.65/; sid:900942595; rev:1;) alert tcp $HOME_NET any -> [132.139.215.46] 37272 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.139.215.46/; sid:900942594; rev:1;) alert tcp $HOME_NET any -> [113.188.147.255] 55724 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.188.147.255/; sid:900942593; rev:1;) alert tcp $HOME_NET any -> [190.138.205.232] 59847 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.138.205.232/; sid:900942592; rev:1;) alert tcp $HOME_NET any -> [132.139.251.235] 16776 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.139.251.235/; sid:900942591; rev:1;) alert tcp $HOME_NET any -> [141.19.67.78] 32900 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.19.67.78/; sid:900942590; rev:1;) alert tcp $HOME_NET any -> [216.57.199.78] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.57.199.78/; sid:900942589; rev:1;) alert tcp $HOME_NET any -> [84.241.120.132] 53758 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.241.120.132/; sid:900942588; rev:1;) alert tcp $HOME_NET any -> [124.3.255.251] 50297 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.3.255.251/; sid:900942587; rev:1;) alert tcp $HOME_NET any -> [75.175.99.254] 50985 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.175.99.254/; sid:900942586; rev:1;) alert tcp $HOME_NET any -> [139.168.2.220] 28804 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.168.2.220/; sid:900942585; rev:1;) alert tcp $HOME_NET any -> [232.105.199.80] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/232.105.199.80/; sid:900942584; rev:1;) alert tcp $HOME_NET any -> [85.129.104.132] 53246 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.129.104.132/; sid:900942583; rev:1;) alert tcp $HOME_NET any -> [167.147.255.251] 46725 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/167.147.255.251/; sid:900942582; rev:1;) alert tcp $HOME_NET any -> [199.158.231.254] 51188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.158.231.254/; sid:900942581; rev:1;) alert tcp $HOME_NET any -> [6.96.132.140] 1542 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.96.132.140/; sid:900942580; rev:1;) alert tcp $HOME_NET any -> [115.255.251.247] 36191 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.255.251.247/; sid:900942579; rev:1;) alert tcp $HOME_NET any -> [120.234.254.85] 6779 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/120.234.254.85/; sid:900942578; rev:1;) alert tcp $HOME_NET any -> [6.6.6.15] 65533 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.15/; sid:900940184; rev:1;) alert tcp $HOME_NET any -> [211.122.254.81] 37579 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.122.254.81/; sid:900940183; rev:1;) alert tcp $HOME_NET any -> [234.251.164.38] 33930 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.251.164.38/; sid:900940182; rev:1;) alert tcp $HOME_NET any -> [141.199.159.10] 64798 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.199.159.10/; sid:900940181; rev:1;) alert tcp $HOME_NET any -> [181.176.132.139] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.176.132.139/; sid:900940180; rev:1;) alert tcp $HOME_NET any -> [183.255.253.38] 59489 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.255.253.38/; sid:900940179; rev:1;) alert tcp $HOME_NET any -> [147.110.254.83] 321 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/147.110.254.83/; sid:900940178; rev:1;) alert tcp $HOME_NET any -> [155.240.194.79] 33932 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/155.240.194.79/; sid:900940177; rev:1;) alert tcp $HOME_NET any -> [205.199.191.28] 64814 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/205.199.191.28/; sid:900940176; rev:1;) alert tcp $HOME_NET any -> [215.255.253.54] 18942 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.255.253.54/; sid:900940175; rev:1;) alert tcp $HOME_NET any -> [42.65.254.83] 22672 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.65.254.83/; sid:900940174; rev:1;) alert tcp $HOME_NET any -> [6.6.6.243] 33931 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.243/; sid:900940173; rev:1;) alert tcp $HOME_NET any -> [62.254.83.85] 60828 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.254.83.85/; sid:900940172; rev:1;) alert tcp $HOME_NET any -> [161.67.218.27] 19911 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.67.218.27/; sid:900938292; rev:1;) alert tcp $HOME_NET any -> [132.137.245.151] 62960 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.137.245.151/; sid:900938291; rev:1;) alert tcp $HOME_NET any -> [113.20.167.255] 52470 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.20.167.255/; sid:900938290; rev:1;) alert tcp $HOME_NET any -> [76.212.20.19] 36295 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.212.20.19/; sid:900938289; rev:1;) alert tcp $HOME_NET any -> [80.181.224.132] 1790 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.181.224.132/; sid:900938288; rev:1;) alert tcp $HOME_NET any -> [162.215.255.252] 16582 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.215.255.252/; sid:900938287; rev:1;) alert tcp $HOME_NET any -> [47.6.116.254] 51042 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.6.116.254/; sid:900938286; rev:1;) alert tcp $HOME_NET any -> [138.57.185.83] 55428 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.57.185.83/; sid:900938285; rev:1;) alert tcp $HOME_NET any -> [119.205.199.49] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.205.199.49/; sid:900938284; rev:1;) alert tcp $HOME_NET any -> [80.213.208.132] 5374 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.213.208.132/; sid:900938283; rev:1;) alert tcp $HOME_NET any -> [174.247.255.252] 1018 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.247.255.252/; sid:900938282; rev:1;) alert tcp $HOME_NET any -> [132.176.70.254] 51179 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.176.70.254/; sid:900938281; rev:1;) alert tcp $HOME_NET any -> [137.106.154.40] 51332 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.106.154.40/; sid:900938280; rev:1;) alert tcp $HOME_NET any -> [136.13.199.172] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.13.199.172/; sid:900938279; rev:1;) alert tcp $HOME_NET any -> [81.245.192.132] 62718 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.245.192.132/; sid:900938278; rev:1;) alert tcp $HOME_NET any -> [61.247.255.253] 64151 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.247.255.253/; sid:900938277; rev:1;) alert tcp $HOME_NET any -> [61.199.146.203] 1551 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.199.146.203/; sid:900938276; rev:1;) alert tcp $HOME_NET any -> [197.184.132.138] 65105 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.184.132.138/; sid:900938275; rev:1;) alert tcp $HOME_NET any -> [141.226.254.83] 40714 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.226.254.83/; sid:900938274; rev:1;) alert tcp $HOME_NET any -> [54.60.232.97] 33931 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.60.232.97/; sid:900938273; rev:1;) alert tcp $HOME_NET any -> [141.199.1.65] 64806 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.199.1.65/; sid:900938272; rev:1;) alert tcp $HOME_NET any -> [117.168.132.140] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.168.132.140/; sid:900938271; rev:1;) alert tcp $HOME_NET any -> [231.255.253.46] 49743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/231.255.253.46/; sid:900938270; rev:1;) alert tcp $HOME_NET any -> [28.248.254.83] 48924 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.248.254.83/; sid:900938269; rev:1;) alert tcp $HOME_NET any -> [37.152.132.139] 65107 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.152.132.139/; sid:900938268; rev:1;) alert tcp $HOME_NET any -> [46.84.207.55] 1779 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.84.207.55/; sid:900938267; rev:1;) alert tcp $HOME_NET any -> [199.208.237.156] 16141 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.208.237.156/; sid:900938266; rev:1;) alert tcp $HOME_NET any -> [32.132.134.171] 19958 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/32.132.134.171/; sid:900938265; rev:1;) alert tcp $HOME_NET any -> [101.72.3.183] 35179 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/101.72.3.183/; sid:900938264; rev:1;) alert tcp $HOME_NET any -> [199.126.218.69] 46221 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.126.218.69/; sid:900938263; rev:1;) alert tcp $HOME_NET any -> [16.132.136.171] 20950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.132.136.171/; sid:900938262; rev:1;) alert tcp $HOME_NET any -> [47.254.81.246] 39464 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.254.81.246/; sid:900938261; rev:1;) alert tcp $HOME_NET any -> [6.6.6.39] 35321 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.39/; sid:900938260; rev:1;) alert tcp $HOME_NET any -> [215.251.55.255] 27371 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.251.55.255/; sid:900938259; rev:1;) alert tcp $HOME_NET any -> [238.118.184.234] 64967 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/238.118.184.234/; sid:900938258; rev:1;) alert tcp $HOME_NET any -> [132.137.55.206] 17912 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.137.55.206/; sid:900938257; rev:1;) alert tcp $HOME_NET any -> [20.54.247.255] 62871 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.54.247.255/; sid:900938256; rev:1;) alert tcp $HOME_NET any -> [108.127.219.199] 19911 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.127.219.199/; sid:900938255; rev:1;) alert tcp $HOME_NET any -> [132.136.204.246] 62952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.136.204.246/; sid:900938254; rev:1;) alert tcp $HOME_NET any -> [6.6.6.254] 5139 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.6.6.254/; sid:900938253; rev:1;) alert tcp $HOME_NET any -> [136.152.64.198] 57476 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.152.64.198/; sid:900938252; rev:1;) alert tcp $HOME_NET any -> [111.189.199.98] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.189.199.98/; sid:900938251; rev:1;) alert tcp $HOME_NET any -> [80.229.216.132] 29950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.229.216.132/; sid:900938250; rev:1;) alert tcp $HOME_NET any -> [42.247.255.252] 47443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/42.247.255.252/; sid:900938249; rev:1;) alert tcp $HOME_NET any -> [99.59.20.254] 50993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.59.20.254/; sid:900938248; rev:1;) alert tcp $HOME_NET any -> [136.229.3.250] 53380 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.229.3.250/; sid:900938247; rev:1;) alert tcp $HOME_NET any -> [128.13.199.235] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/128.13.199.235/; sid:900938246; rev:1;) alert tcp $HOME_NET any -> [81.53.200.132] 18174 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.53.200.132/; sid:900938245; rev:1;) alert tcp $HOME_NET any -> [16.71.255.252] 39464 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/16.71.255.252/; sid:900938244; rev:1;) alert tcp $HOME_NET any -> [56.202.244.254] 51116 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/56.202.244.254/; sid:900938243; rev:1;) alert tcp $HOME_NET any -> [138.1.250.151] 49284 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.1.250.151/; sid:900938242; rev:1;) alert tcp $HOME_NET any -> [83.110.155.238] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.155.238/; sid:900937236; rev:1;) alert tcp $HOME_NET any -> [86.99.35.122] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.99.35.122/; sid:900621237; rev:1;) alert tcp $HOME_NET any -> [213.14.166.152] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.14.166.152/; sid:900621235; rev:1;) alert tcp $HOME_NET any -> [77.111.149.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.111.149.55/; sid:900937208; rev:1;) alert tcp $HOME_NET any -> [191.92.69.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.92.69.115/; sid:900621236; rev:1;) alert tcp $HOME_NET any -> [159.0.130.149] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/159.0.130.149/; sid:900621233; rev:1;) alert tcp $HOME_NET any -> [72.3.91.255] 1893 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.3.91.255/; sid:900935467; rev:1;) alert tcp $HOME_NET any -> [126.218.169.249] 57799 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.218.169.249/; sid:900935466; rev:1;) alert tcp $HOME_NET any -> [186.73.43.255] 5415 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.73.43.255/; sid:900935464; rev:1;) alert tcp $HOME_NET any -> [132.136.71.115] 23056 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.136.71.115/; sid:900935465; rev:1;) alert tcp $HOME_NET any -> [139.111.65.14] 25031 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.111.65.14/; sid:900935463; rev:1;) alert tcp $HOME_NET any -> [132.138.6.235] 23040 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/132.138.6.235/; sid:900935462; rev:1;) alert tcp $HOME_NET any -> [6.187.255.252] 1542 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/6.187.255.252/; sid:900935461; rev:1;) alert tcp $HOME_NET any -> [118.84.234.254] 51182 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.84.234.254/; sid:900935460; rev:1;) alert tcp $HOME_NET any -> [137.187.206.112] 63620 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.187.206.112/; sid:900935459; rev:1;) alert tcp $HOME_NET any -> [84.161.199.161] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/84.161.199.161/; sid:900935458; rev:1;) alert tcp $HOME_NET any -> [81.249.240.132] 7166 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.249.240.132/; sid:900935457; rev:1;) alert tcp $HOME_NET any -> [55.27.255.252] 38676 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/55.27.255.252/; sid:900935456; rev:1;) alert tcp $HOME_NET any -> [126.87.199.254] 51052 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.87.199.254/; sid:900935455; rev:1;) alert tcp $HOME_NET any -> [138.32.246.113] 59524 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.32.246.113/; sid:900935454; rev:1;) alert tcp $HOME_NET any -> [102.225.199.76] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/102.225.199.76/; sid:900935453; rev:1;) alert tcp $HOME_NET any -> [82.89.224.132] 5118 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.89.224.132/; sid:900935452; rev:1;) alert tcp $HOME_NET any -> [164.91.255.252] 16582 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.91.255.252/; sid:900935451; rev:1;) alert tcp $HOME_NET any -> [47.234.116.254] 51042 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.234.116.254/; sid:900935450; rev:1;) alert tcp $HOME_NET any -> [9.216.132.136] 1618 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.216.132.136/; sid:900935449; rev:1;) alert tcp $HOME_NET any -> [27.255.252.119] 21292 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.255.252.119/; sid:900935448; rev:1;) alert tcp $HOME_NET any -> [215.20.254.82] 12643 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.20.254.82/; sid:900935447; rev:1;) alert tcp $HOME_NET any -> [137.3.250.176] 33930 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.3.250.176/; sid:900935446; rev:1;) alert tcp $HOME_NET any -> [113.199.235.134] 64639 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.235.134/; sid:900935445; rev:1;) alert tcp $HOME_NET any -> [217.200.132.138] 65105 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.200.132.138/; sid:900935444; rev:1;) alert tcp $HOME_NET any -> [171.255.252.135] 10254 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.255.252.135/; sid:900935443; rev:1;) alert tcp $HOME_NET any -> [38.244.254.81] 44089 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/38.244.254.81/; sid:900935442; rev:1;) alert tcp $HOME_NET any -> [221.250.151.61] 33929 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/221.250.151.61/; sid:900935441; rev:1;) alert tcp $HOME_NET any -> [161.199.146.204] 64783 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/161.199.146.204/; sid:900935440; rev:1;) alert tcp $HOME_NET any -> [41.184.132.139] 65106 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.184.132.139/; sid:900935439; rev:1;) alert tcp $HOME_NET any -> [178.79.161.166] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.79.161.166/; sid:900622748; rev:1;) alert tcp $HOME_NET any -> [199.61.142.8] 12785 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.61.142.8/; sid:900934216; rev:1;) alert tcp $HOME_NET any -> [57.216.107.255] 5971 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/57.216.107.255/; sid:900934215; rev:1;) alert tcp $HOME_NET any -> [60.115.138.250] 61895 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.115.138.250/; sid:900934214; rev:1;) alert tcp $HOME_NET any -> [133.20.87.101] 6680 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.87.101/; sid:900934213; rev:1;) alert tcp $HOME_NET any -> [180.30.11.255] 6003 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.30.11.255/; sid:900934212; rev:1;) alert tcp $HOME_NET any -> [9.31.148.47] 16839 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.31.148.47/; sid:900934211; rev:1;) alert tcp $HOME_NET any -> [133.20.69.39] 18952 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.69.39/; sid:900934210; rev:1;) alert tcp $HOME_NET any -> [215.133.5.5] 55019 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/215.133.5.5/; sid:900934209; rev:1;) alert tcp $HOME_NET any -> [210.177.199.239] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/210.177.199.239/; sid:900934208; rev:1;) alert tcp $HOME_NET any -> [199.121.248.133] 60158 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.121.248.133/; sid:900934207; rev:1;) alert tcp $HOME_NET any -> [31.139.255.252] 52849 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.139.255.252/; sid:900934206; rev:1;) alert tcp $HOME_NET any -> [189.102.27.254] 51104 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.102.27.254/; sid:900934205; rev:1;) alert tcp $HOME_NET any -> [194.5.250.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/194.5.250.126/; sid:900622777; rev:1;) alert tcp $HOME_NET any -> [40.133.19.84] 52106 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/40.133.19.84/; sid:900931459; rev:1;) alert tcp $HOME_NET any -> [103.201.150.209] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.201.150.209/; sid:900931028; rev:1;) alert tcp $HOME_NET any -> [190.171.230.41] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.171.230.41/; sid:900931027; rev:1;) alert tcp $HOME_NET any -> [103.213.212.42] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.213.212.42/; sid:900931025; rev:1;) alert tcp $HOME_NET any -> [185.94.252.249] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.249/; sid:900621226; rev:1;) alert tcp $HOME_NET any -> [177.225.175.199] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.225.175.199/; sid:900621224; rev:1;) alert tcp $HOME_NET any -> [181.142.29.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.142.29.90/; sid:900621225; rev:1;) alert tcp $HOME_NET any -> [24.150.44.53] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.150.44.53/; sid:900621228; rev:1;) alert tcp $HOME_NET any -> [133.19.23.83] 18976 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.19.23.83/; sid:900930532; rev:1;) alert tcp $HOME_NET any -> [5.5.5.186] 36360 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.186/; sid:900930533; rev:1;) alert tcp $HOME_NET any -> [71.118.11.255] 22373 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.118.11.255/; sid:900930531; rev:1;) alert tcp $HOME_NET any -> [126.95.121.249] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/126.95.121.249/; sid:900930530; rev:1;) alert tcp $HOME_NET any -> [133.21.23.115] 59920 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.23.115/; sid:900930529; rev:1;) alert tcp $HOME_NET any -> [186.212.123.255] 17703 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.212.123.255/; sid:900929218; rev:1;) alert tcp $HOME_NET any -> [139.234.17.14] 29127 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.234.17.14/; sid:900929217; rev:1;) alert tcp $HOME_NET any -> [133.20.214.235] 35328 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.20.214.235/; sid:900929216; rev:1;) alert tcp $HOME_NET any -> [5.139.255.252] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.139.255.252/; sid:900929215; rev:1;) alert tcp $HOME_NET any -> [1.4.234.254] 51183 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.4.234.254/; sid:900929214; rev:1;) alert tcp $HOME_NET any -> [15.139.206.113] 63621 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.139.206.113/; sid:900929213; rev:1;) alert tcp $HOME_NET any -> [202.177.199.160] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.177.199.160/; sid:900929212; rev:1;) alert tcp $HOME_NET any -> [199.73.240.133] 7166 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.73.240.133/; sid:900929211; rev:1;) alert tcp $HOME_NET any -> [192.75.255.252] 38675 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.75.255.252/; sid:900929210; rev:1;) alert tcp $HOME_NET any -> [15.48.246.112] 59525 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.48.246.112/; sid:900929209; rev:1;) alert tcp $HOME_NET any -> [199.9.224.133] 5118 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.9.224.133/; sid:900929208; rev:1;) alert tcp $HOME_NET any -> [28.235.255.252] 16583 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.235.255.252/; sid:900929207; rev:1;) alert tcp $HOME_NET any -> [137.200.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.200.133.15/; sid:900929191; rev:1;) alert tcp $HOME_NET any -> [123.255.253.17] 10122 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/123.255.253.17/; sid:900929190; rev:1;) alert tcp $HOME_NET any -> [54.244.254.199] 43968 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.244.254.199/; sid:900929189; rev:1;) alert tcp $HOME_NET any -> [141.250.150.195] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/141.250.150.195/; sid:900929188; rev:1;) alert tcp $HOME_NET any -> [121.184.133.22] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.184.133.22/; sid:900929187; rev:1;) alert tcp $HOME_NET any -> [139.255.5.5] 41906 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.5.5/; sid:900929186; rev:1;) alert tcp $HOME_NET any -> [199.158.143.1] 41713 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.158.143.1/; sid:900929185; rev:1;) alert tcp $HOME_NET any -> [176.133.22.138] 52745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.133.22.138/; sid:900929184; rev:1;) alert tcp $HOME_NET any -> [110.254.206.9] 47151 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.254.206.9/; sid:900929183; rev:1;) alert tcp $HOME_NET any -> [199.190.165.144] 45937 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.190.165.144/; sid:900929182; rev:1;) alert tcp $HOME_NET any -> [160.133.22.73] 52809 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.133.22.73/; sid:900929181; rev:1;) alert tcp $HOME_NET any -> [65.254.206.153] 2454 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.254.206.153/; sid:900929180; rev:1;) alert tcp $HOME_NET any -> [46.84.73.139] 5583 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/46.84.73.139/; sid:900929179; rev:1;) alert tcp $HOME_NET any -> [199.208.115.48] 50353 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.208.115.48/; sid:900929178; rev:1;) alert tcp $HOME_NET any -> [5.5.5.144] 52585 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.144/; sid:900929177; rev:1;) alert tcp $HOME_NET any -> [114.70.139.255] 53676 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.70.139.255/; sid:900929176; rev:1;) alert tcp $HOME_NET any -> [234.234.219.80] 61895 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.234.219.80/; sid:900928985; rev:1;) alert tcp $HOME_NET any -> [145.200.123.255] 58347 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/145.200.123.255/; sid:900928986; rev:1;) alert tcp $HOME_NET any -> [133.23.27.67] 35200 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.23.27.67/; sid:900928984; rev:1;) alert tcp $HOME_NET any -> [122.6.11.255] 61892 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.6.11.255/; sid:900928983; rev:1;) alert tcp $HOME_NET any -> [41.213.119.99] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.213.119.99/; sid:900928982; rev:1;) alert tcp $HOME_NET any -> [133.21.160.2] 18800 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.160.2/; sid:900928981; rev:1;) alert tcp $HOME_NET any -> [28.69.207.254] 51025 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.69.207.254/; sid:900928980; rev:1;) alert tcp $HOME_NET any -> [22.146.182.134] 26757 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/22.146.182.134/; sid:900928979; rev:1;) alert tcp $HOME_NET any -> [105.177.199.244] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.177.199.244/; sid:900928978; rev:1;) alert tcp $HOME_NET any -> [207.137.96.133] 59390 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.137.96.133/; sid:900928977; rev:1;) alert tcp $HOME_NET any -> [229.107.255.251] 46221 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.107.255.251/; sid:900928976; rev:1;) alert tcp $HOME_NET any -> [1.160.234.254] 50971 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/1.160.234.254/; sid:900928975; rev:1;) alert tcp $HOME_NET any -> [23.147.214.94] 22661 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/23.147.214.94/; sid:900928974; rev:1;) alert tcp $HOME_NET any -> [121.241.199.74] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.241.199.74/; sid:900928973; rev:1;) alert tcp $HOME_NET any -> [207.105.80.133] 13310 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.105.80.133/; sid:900928972; rev:1;) alert tcp $HOME_NET any -> [189.139.255.251] 34600 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.139.255.251/; sid:900928971; rev:1;) alert tcp $HOME_NET any -> [36.18.165.254] 51161 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/36.18.165.254/; sid:900928970; rev:1;) alert tcp $HOME_NET any -> [109.187.254.204] 2354 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.187.254.204/; sid:900928968; rev:1;) alert tcp $HOME_NET any -> [5.5.5.20] 18565 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.20/; sid:900928969; rev:1;) alert tcp $HOME_NET any -> [165.218.138.154] 34068 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.218.138.154/; sid:900928967; rev:1;) alert tcp $HOME_NET any -> [113.199.6.41] 64781 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.6.41/; sid:900928966; rev:1;) alert tcp $HOME_NET any -> [121.56.133.21] 65228 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/121.56.133.21/; sid:900928965; rev:1;) alert tcp $HOME_NET any -> [139.255.253.37] 58805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.253.37/; sid:900928964; rev:1;) alert tcp $HOME_NET any -> [218.20.254.207] 33415 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/218.20.254.207/; sid:900928963; rev:1;) alert tcp $HOME_NET any -> [15.73.151.19] 61573 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.73.151.19/; sid:900928736; rev:1;) alert tcp $HOME_NET any -> [227.1.199.108] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/227.1.199.108/; sid:900928735; rev:1;) alert tcp $HOME_NET any -> [199.137.232.133] 51198 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.137.232.133/; sid:900928734; rev:1;) alert tcp $HOME_NET any -> [139.27.255.252] 63088 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.27.255.252/; sid:900928733; rev:1;) alert tcp $HOME_NET any -> [77.168.19.254] 51020 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.168.19.254/; sid:900928732; rev:1;) alert tcp $HOME_NET any -> [15.36.64.199] 57477 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/15.36.64.199/; sid:900928731; rev:1;) alert tcp $HOME_NET any -> [234.49.199.97] 65532 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.49.199.97/; sid:900928730; rev:1;) alert tcp $HOME_NET any -> [5.5.5.199] 29950 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.5.5.199/; sid:900928729; rev:1;) alert tcp $HOME_NET any -> [229.185.82.181] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/229.185.82.181/; sid:900928728; rev:1;) alert tcp $HOME_NET any -> [137.192.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.192.133.15/; sid:900928721; rev:1;) alert tcp $HOME_NET any -> [75.255.252.137] 38595 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.252.137/; sid:900928720; rev:1;) alert tcp $HOME_NET any -> [111.122.254.199] 37461 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/111.122.254.199/; sid:900928719; rev:1;) alert tcp $HOME_NET any -> [86.251.163.178] 34070 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.251.163.178/; sid:900928718; rev:1;) alert tcp $HOME_NET any -> [5.252.162.241] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.252.162.241/; sid:900928717; rev:1;) alert tcp $HOME_NET any -> [226.254.206.9] 36609 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/226.254.206.9/; sid:900928716; rev:1;) alert tcp $HOME_NET any -> [60.232.216.11] 5770 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.232.216.11/; sid:900928715; rev:1;) alert tcp $HOME_NET any -> [199.0.184.47] 39745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.0.184.47/; sid:900928714; rev:1;) alert tcp $HOME_NET any -> [168.133.21.39] 52745 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.133.21.39/; sid:900928713; rev:1;) alert tcp $HOME_NET any -> [199.89.9.150] 43889 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/199.89.9.150/; sid:900928711; rev:1;) alert tcp $HOME_NET any -> [152.133.21.207] 52889 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.133.21.207/; sid:900928710; rev:1;) alert tcp $HOME_NET any -> [62.254.205.105] 29488 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.254.205.105/; sid:900928709; rev:1;) alert tcp $HOME_NET any -> [133.22.209.172] 1424 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.22.209.172/; sid:900928708; rev:1;) alert tcp $HOME_NET any -> [191.16.213.232] 49607 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.16.213.232/; sid:900928400; rev:1;) alert tcp $HOME_NET any -> [133.21.227.235] 18824 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.21.227.235/; sid:900928399; rev:1;) alert tcp $HOME_NET any -> [78.87.11.255] 6979 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.87.11.255/; sid:900928398; rev:1;) alert tcp $HOME_NET any -> [133.22.241.196] 63864 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.22.241.196/; sid:900928396; rev:1;) alert tcp $HOME_NET any -> [79.38.82.209] 12743 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/79.38.82.209/; sid:900928397; rev:1;) alert tcp $HOME_NET any -> [220.204.75.255] 40962 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/220.204.75.255/; sid:900928395; rev:1;) alert tcp $HOME_NET any -> [81.166.231.254] 51188 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.166.231.254/; sid:900928391; rev:1;) alert tcp $HOME_NET any -> [28.155.255.251] 46726 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.155.255.251/; sid:900928392; rev:1;) alert tcp $HOME_NET any -> [129.177.199.27] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.177.199.27/; sid:900928389; rev:1;) alert tcp $HOME_NET any -> [22.178.180.141] 24709 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/22.178.180.141/; sid:900928390; rev:1;) alert tcp $HOME_NET any -> [138.75.255.251] 54878 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/138.75.255.251/; sid:900928387; rev:1;) alert tcp $HOME_NET any -> [207.89.88.133] 60158 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.89.88.133/; sid:900928388; rev:1;) alert tcp $HOME_NET any -> [125.1.199.217] 65531 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.1.199.217/; sid:900928385; rev:1;) alert tcp $HOME_NET any -> [20.105.135.40] 20613 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/20.105.135.40/; sid:900928386; rev:1;) alert tcp $HOME_NET any -> [204.9.72.133] 42494 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.9.72.133/; sid:900928384; rev:1;) alert tcp $HOME_NET any -> [133.196.58.95] 1300 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/133.196.58.95/; sid:900928383; rev:1;) alert tcp $HOME_NET any -> [49.199.9.50] 64405 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.199.9.50/; sid:900928382; rev:1;) alert tcp $HOME_NET any -> [75.255.253.13] 35482 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.253.13/; sid:900928380; rev:1;) alert tcp $HOME_NET any -> [9.64.133.20] 65228 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/9.64.133.20/; sid:900928381; rev:1;) alert tcp $HOME_NET any -> [49.24.229.181] 34069 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.24.229.181/; sid:900928378; rev:1;) alert tcp $HOME_NET any -> [28.101.254.204] 1577 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/28.101.254.204/; sid:900928379; rev:1;) alert tcp $HOME_NET any -> [113.199.130.135] 64805 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.130.135/; sid:900928377; rev:1;) alert tcp $HOME_NET any -> [137.48.133.23] 65231 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/137.48.133.23/; sid:900928376; rev:1;) alert tcp $HOME_NET any -> [139.255.253.30] 56562 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.253.30/; sid:900928375; rev:1;) alert tcp $HOME_NET any -> [234.141.254.207] 35815 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/234.141.254.207/; sid:900928374; rev:1;) alert tcp $HOME_NET any -> [5.129.199.81] 1285 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/5.129.199.81/; sid:900928275; rev:1;) alert tcp $HOME_NET any -> [207.137.104.133] 53246 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.137.104.133/; sid:900928274; rev:1;) alert tcp $HOME_NET any -> [68.73.131.107] 5705 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.73.131.107/; sid:900928273; rev:1;) alert tcp $HOME_NET any -> [113.199.49.220] 64770 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/113.199.49.220/; sid:900928202; rev:1;) alert tcp $HOME_NET any -> [105.208.133.15] 65223 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.208.133.15/; sid:900928201; rev:1;) alert tcp $HOME_NET any -> [139.255.252.250] 64297 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.255.252.250/; sid:900928200; rev:1;) alert tcp $HOME_NET any -> [12.70.254.199] 60411 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/12.70.254.199/; sid:900928199; rev:1;) alert tcp $HOME_NET any -> [86.154.39.138] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.154.39.138/; sid:900928198; rev:1;) alert tcp $HOME_NET any -> [177.199.171.192] 64785 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.199.171.192/; sid:900928197; rev:1;) alert tcp $HOME_NET any -> [89.216.133.15] 1479 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.216.133.15/; sid:900928067; rev:1;) alert tcp $HOME_NET any -> [168.122.116.254] 51041 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/168.122.116.254/; sid:900928068; rev:1;) alert tcp $HOME_NET any -> [135.20.254.199] 12764 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/135.20.254.199/; sid:900928065; rev:1;) alert tcp $HOME_NET any -> [75.255.253.2] 21173 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.255.253.2/; sid:900928066; rev:1;) alert tcp $HOME_NET any -> [89.3.251.41] 34063 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.3.251.41/; sid:900928064; rev:1;) alert tcp $HOME_NET any -> [129.199.235.251] 64762 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/129.199.235.251/; sid:900928063; rev:1;) alert tcp $HOME_NET any -> [50.101.180.172] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.101.180.172/; sid:900621221; rev:1;) alert tcp $HOME_NET any -> [119.93.243.2] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.93.243.2/; sid:900927991; rev:1;) alert tcp $HOME_NET any -> [177.230.108.144] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.230.108.144/; sid:900621219; rev:1;) alert tcp $HOME_NET any -> [212.22.215.140] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.22.215.140/; sid:900927980; rev:1;) alert tcp $HOME_NET any -> [195.99.230.208] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/195.99.230.208/; sid:900927982; rev:1;) alert tcp $HOME_NET any -> [45.249.156.10] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.249.156.10/; sid:900927974; rev:1;) alert tcp $HOME_NET any -> [144.202.9.18] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/144.202.9.18/; sid:900621217; rev:1;) alert tcp $HOME_NET any -> [149.255.56.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/149.255.56.242/; sid:900621218; rev:1;) alert tcp $HOME_NET any -> [68.229.130.39] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.229.130.39/; sid:900621239; rev:1;) alert tcp $HOME_NET any -> [186.10.243.70] 8082 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.10.243.70/; sid:900621967; rev:1;) alert tcp $HOME_NET any -> [164.132.138.130] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/164.132.138.130/; sid:900621571; rev:1;) alert tcp $HOME_NET any -> [54.38.127.31] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/54.38.127.31/; sid:900621455; rev:1;) alert tcp $HOME_NET any -> [175.107.200.27] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.200.27/; sid:900621231; rev:1;) alert tcp $HOME_NET any -> [91.205.215.66] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.66/; sid:901564229; rev:1;) alert tcp $HOME_NET any -> [78.149.210.116] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.149.210.116/; sid:900621210; rev:1;) alert tcp $HOME_NET any -> [109.154.221.151] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.154.221.151/; sid:900621206; rev:1;) alert tcp $HOME_NET any -> [125.62.120.125] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.62.120.125/; sid:900913231; rev:1;) alert tcp $HOME_NET any -> [197.91.152.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.91.152.93/; sid:900621212; rev:1;) alert tcp $HOME_NET any -> [45.118.216.70] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.118.216.70/; sid:900621213; rev:1;) alert tcp $HOME_NET any -> [177.231.157.189] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.231.157.189/; sid:900621207; rev:1;) alert tcp $HOME_NET any -> [152.168.82.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.168.82.167/; sid:900621211; rev:1;) alert tcp $HOME_NET any -> [212.80.216.126] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.80.216.126/; sid:900621814; rev:1;) alert tcp $HOME_NET any -> [189.166.20.113] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.166.20.113/; sid:900621208; rev:1;) alert tcp $HOME_NET any -> [103.11.83.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.11.83.52/; sid:900621215; rev:1;) alert tcp $HOME_NET any -> [77.82.85.35] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.82.85.35/; sid:900621214; rev:1;) alert tcp $HOME_NET any -> [200.107.105.16] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.107.105.16/; sid:900621204; rev:1;) alert tcp $HOME_NET any -> [213.172.88.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.172.88.13/; sid:900906990; rev:1;) alert tcp $HOME_NET any -> [124.253.18.48] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.253.18.48/; sid:900906897; rev:1;) alert tcp $HOME_NET any -> [31.14.240.162] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.14.240.162/; sid:900621196; rev:1;) alert tcp $HOME_NET any -> [179.62.249.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.62.249.189/; sid:900621199; rev:1;) alert tcp $HOME_NET any -> [66.228.45.129] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.228.45.129/; sid:900621202; rev:1;) alert tcp $HOME_NET any -> [181.30.126.66] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.30.126.66/; sid:900621197; rev:1;) alert tcp $HOME_NET any -> [181.37.126.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.37.126.2/; sid:900621198; rev:1;) alert tcp $HOME_NET any -> [31.163.99.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.163.99.231/; sid:900621201; rev:1;) alert tcp $HOME_NET any -> [117.197.124.36] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.197.124.36/; sid:900622156; rev:1;) alert tcp $HOME_NET any -> [196.6.112.70] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/196.6.112.70/; sid:900621200; rev:1;) alert tcp $HOME_NET any -> [201.248.5.197] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.248.5.197/; sid:900621195; rev:1;) alert tcp $HOME_NET any -> [165.255.52.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/165.255.52.192/; sid:900621194; rev:1;) alert tcp $HOME_NET any -> [2.50.52.255] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.52.255/; sid:900621209; rev:1;) alert tcp $HOME_NET any -> [105.227.156.151] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.227.156.151/; sid:900621191; rev:1;) alert tcp $HOME_NET any -> [88.238.251.233] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.238.251.233/; sid:900621188; rev:1;) alert tcp $HOME_NET any -> [216.98.148.156] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.98.148.156/; sid:900621190; rev:1;) alert tcp $HOME_NET any -> [202.133.72.136] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.133.72.136/; sid:900621193; rev:1;) alert tcp $HOME_NET any -> [94.11.25.255] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.11.25.255/; sid:900621189; rev:1;) alert tcp $HOME_NET any -> [117.193.28.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/117.193.28.115/; sid:900621187; rev:1;) alert tcp $HOME_NET any -> [181.29.186.65] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.186.65/; sid:900621179; rev:1;) alert tcp $HOME_NET any -> [200.90.201.77] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.90.201.77/; sid:900621181; rev:1;) alert tcp $HOME_NET any -> [77.44.16.54] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.44.16.54/; sid:900621182; rev:1;) alert tcp $HOME_NET any -> [107.159.94.183] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/107.159.94.183/; sid:900621178; rev:1;) alert tcp $HOME_NET any -> [187.137.162.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.162.145/; sid:900891426; rev:1;) alert tcp $HOME_NET any -> [189.213.62.223] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.213.62.223/; sid:900621177; rev:1;) alert tcp $HOME_NET any -> [105.184.150.227] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.150.227/; sid:900891356; rev:1;) alert tcp $HOME_NET any -> [190.186.203.55] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.203.55/; sid:900621192; rev:1;) alert tcp $HOME_NET any -> [49.248.84.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/49.248.84.88/; sid:900891330; rev:1;) alert tcp $HOME_NET any -> [83.110.148.19] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.148.19/; sid:900891329; rev:1;) alert tcp $HOME_NET any -> [189.154.67.254] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.67.254/; sid:900621184; rev:1;) alert tcp $HOME_NET any -> [88.215.2.29] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.215.2.29/; sid:900621183; rev:1;) alert tcp $HOME_NET any -> [190.147.116.32] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.116.32/; sid:900621173; rev:1;) alert tcp $HOME_NET any -> [88.97.26.73] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.97.26.73/; sid:900621176; rev:1;) alert tcp $HOME_NET any -> [190.192.113.159] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.192.113.159/; sid:900621174; rev:1;) alert tcp $HOME_NET any -> [189.225.119.52] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.225.119.52/; sid:900621172; rev:1;) alert tcp $HOME_NET any -> [201.218.115.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.218.115.202/; sid:900889682; rev:1;) alert tcp $HOME_NET any -> [190.104.67.90] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.67.90/; sid:900889664; rev:1;) alert tcp $HOME_NET any -> [189.205.185.71] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.205.185.71/; sid:900621171; rev:1;) alert tcp $HOME_NET any -> [190.85.100.102] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.100.102/; sid:900621175; rev:1;) alert tcp $HOME_NET any -> [203.194.46.115] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.194.46.115/; sid:900621167; rev:1;) alert tcp $HOME_NET any -> [178.87.73.140] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.87.73.140/; sid:900621166; rev:1;) alert tcp $HOME_NET any -> [190.147.53.122] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.147.53.122/; sid:900887345; rev:1;) alert tcp $HOME_NET any -> [189.208.59.61] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.208.59.61/; sid:900887340; rev:1;) alert tcp $HOME_NET any -> [59.96.96.73] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.96.96.73/; sid:900887331; rev:1;) alert tcp $HOME_NET any -> [78.169.89.21] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.169.89.21/; sid:900887330; rev:1;) alert tcp $HOME_NET any -> [86.98.94.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.94.57/; sid:900621170; rev:1;) alert tcp $HOME_NET any -> [180.180.141.175] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.180.141.175/; sid:900621158; rev:1;) alert tcp $HOME_NET any -> [83.110.207.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.207.126/; sid:900621162; rev:1;) alert tcp $HOME_NET any -> [89.218.55.146] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.218.55.146/; sid:900621163; rev:1;) alert tcp $HOME_NET any -> [124.120.240.114] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/124.120.240.114/; sid:900886858; rev:1;) alert tcp $HOME_NET any -> [114.134.90.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.134.90.17/; sid:900621157; rev:1;) alert tcp $HOME_NET any -> [69.45.19.145] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.45.19.145/; sid:900621159; rev:1;) alert tcp $HOME_NET any -> [180.150.87.75] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/180.150.87.75/; sid:900621169; rev:1;) alert tcp $HOME_NET any -> [94.130.35.140] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.130.35.140/; sid:900621164; rev:1;) alert tcp $HOME_NET any -> [78.100.187.118] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/78.100.187.118/; sid:900621161; rev:1;) alert tcp $HOME_NET any -> [77.56.253.112] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/77.56.253.112/; sid:900621160; rev:1;) alert tcp $HOME_NET any -> [73.31.185.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.31.185.166/; sid:900621165; rev:1;) alert tcp $HOME_NET any -> [187.188.166.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.166.192/; sid:900621180; rev:1;) alert tcp $HOME_NET any -> [200.82.142.66] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.82.142.66/; sid:900884478; rev:1;) alert tcp $HOME_NET any -> [86.151.202.16] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.151.202.16/; sid:900986948; rev:1;) alert tcp $HOME_NET any -> [186.77.56.180] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.77.56.180/; sid:900621143; rev:1;) alert tcp $HOME_NET any -> [201.238.175.6] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.238.175.6/; sid:900621146; rev:1;) alert tcp $HOME_NET any -> [60.50.212.17] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.50.212.17/; sid:900884469; rev:1;) alert tcp $HOME_NET any -> [187.144.221.205] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.144.221.205/; sid:900621144; rev:1;) alert tcp $HOME_NET any -> [105.228.33.125] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.228.33.125/; sid:900621142; rev:1;) alert tcp $HOME_NET any -> [88.250.109.70] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.250.109.70/; sid:900621148; rev:1;) alert tcp $HOME_NET any -> [189.131.189.158] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.131.189.158/; sid:900621145; rev:1;) alert tcp $HOME_NET any -> [190.173.155.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.173.155.124/; sid:900621149; rev:1;) alert tcp $HOME_NET any -> [191.98.76.73] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/191.98.76.73/; sid:900621141; rev:1;) alert tcp $HOME_NET any -> [197.89.110.52] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.89.110.52/; sid:900621155; rev:1;) alert tcp $HOME_NET any -> [193.239.235.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/193.239.235.150/; sid:900621153; rev:1;) alert tcp $HOME_NET any -> [110.36.100.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.36.100.190/; sid:900884406; rev:1;) alert tcp $HOME_NET any -> [187.137.61.181] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.137.61.181/; sid:900621138; rev:1;) alert tcp $HOME_NET any -> [61.2.18.93] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.2.18.93/; sid:900884399; rev:1;) alert tcp $HOME_NET any -> [41.58.131.24] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.58.131.24/; sid:900884398; rev:1;) alert tcp $HOME_NET any -> [122.164.27.233] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/122.164.27.233/; sid:900884394; rev:1;) alert tcp $HOME_NET any -> [94.66.125.191] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.66.125.191/; sid:900621139; rev:1;) alert tcp $HOME_NET any -> [119.15.153.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/119.15.153.237/; sid:900621156; rev:1;) alert tcp $HOME_NET any -> [105.226.64.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.226.64.153/; sid:900621152; rev:1;) alert tcp $HOME_NET any -> [189.223.228.181] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.223.228.181/; sid:900621140; rev:1;) alert tcp $HOME_NET any -> [115.84.147.62] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.84.147.62/; sid:900621151; rev:1;) alert tcp $HOME_NET any -> [142.113.61.10] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/142.113.61.10/; sid:900879773; rev:1;) alert tcp $HOME_NET any -> [118.174.139.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/118.174.139.50/; sid:900621137; rev:1;) alert tcp $HOME_NET any -> [24.219.3.155] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.219.3.155/; sid:900879769; rev:1;) alert tcp $HOME_NET any -> [190.51.0.48] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.0.48/; sid:900879747; rev:1;) alert tcp $HOME_NET any -> [186.176.19.109] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.176.19.109/; sid:900879745; rev:1;) alert tcp $HOME_NET any -> [181.31.67.191] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.67.191/; sid:900621131; rev:1;) alert tcp $HOME_NET any -> [45.33.35.103] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.35.103/; sid:900621132; rev:1;) alert tcp $HOME_NET any -> [181.29.101.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.29.101.13/; sid:900621130; rev:1;) alert tcp $HOME_NET any -> [186.146.115.151] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.146.115.151/; sid:900621134; rev:1;) alert tcp $HOME_NET any -> [65.49.60.163] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/65.49.60.163/; sid:900621133; rev:1;) alert tcp $HOME_NET any -> [96.64.191.13] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/96.64.191.13/; sid:900879648; rev:1;) alert tcp $HOME_NET any -> [190.186.70.146] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.186.70.146/; sid:900621125; rev:1;) alert tcp $HOME_NET any -> [217.165.84.98] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.98/; sid:900879641; rev:1;) alert tcp $HOME_NET any -> [50.250.136.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.250.136.225/; sid:900879639; rev:1;) alert tcp $HOME_NET any -> [187.234.36.129] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.234.36.129/; sid:900879628; rev:1;) alert tcp $HOME_NET any -> [177.242.214.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/177.242.214.30/; sid:900621128; rev:1;) alert tcp $HOME_NET any -> [89.211.224.216] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.224.216/; sid:900621122; rev:1;) alert tcp $HOME_NET any -> [202.148.56.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/202.148.56.210/; sid:900879192; rev:1;) alert tcp $HOME_NET any -> [59.95.35.76] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.95.35.76/; sid:900621121; rev:1;) alert tcp $HOME_NET any -> [105.184.109.189] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.184.109.189/; sid:900621116; rev:1;) alert tcp $HOME_NET any -> [136.243.117.85] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.243.117.85/; sid:900621118; rev:1;) alert tcp $HOME_NET any -> [45.79.72.132] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.79.72.132/; sid:900621120; rev:1;) alert tcp $HOME_NET any -> [88.156.97.210] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.156.97.210/; sid:900879171; rev:1;) alert tcp $HOME_NET any -> [188.221.112.91] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.221.112.91/; sid:900621119; rev:1;) alert tcp $HOME_NET any -> [109.158.205.99] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.158.205.99/; sid:900621117; rev:1;) alert tcp $HOME_NET any -> [204.184.25.150] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.184.25.150/; sid:900877114; rev:1;) alert tcp $HOME_NET any -> [59.91.30.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.91.30.53/; sid:900877093; rev:1;) alert tcp $HOME_NET any -> [201.97.91.217] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.91.217/; sid:900877091; rev:1;) alert tcp $HOME_NET any -> [41.71.19.150] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.71.19.150/; sid:900877090; rev:1;) alert tcp $HOME_NET any -> [201.138.11.223] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.138.11.223/; sid:900872859; rev:1;) alert tcp $HOME_NET any -> [187.228.144.250] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.228.144.250/; sid:900621107; rev:1;) alert tcp $HOME_NET any -> [189.186.208.24] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.186.208.24/; sid:900872854; rev:1;) alert tcp $HOME_NET any -> [85.104.184.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.184.242/; sid:900872851; rev:1;) alert tcp $HOME_NET any -> [190.230.219.95] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.230.219.95/; sid:900872838; rev:1;) alert tcp $HOME_NET any -> [61.2.56.167] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/61.2.56.167/; sid:900872837; rev:1;) alert tcp $HOME_NET any -> [105.225.191.133] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.225.191.133/; sid:900872836; rev:1;) alert tcp $HOME_NET any -> [88.254.240.194] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/88.254.240.194/; sid:900872835; rev:1;) alert tcp $HOME_NET any -> [179.8.124.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.8.124.11/; sid:900872834; rev:1;) alert tcp $HOME_NET any -> [187.153.103.175] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.153.103.175/; sid:900870009; rev:1;) alert tcp $HOME_NET any -> [67.206.210.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.206.210.18/; sid:900869988; rev:1;) alert tcp $HOME_NET any -> [60.49.36.149] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/60.49.36.149/; sid:900869016; rev:1;) alert tcp $HOME_NET any -> [174.106.108.31] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.106.108.31/; sid:900869015; rev:1;) alert tcp $HOME_NET any -> [181.92.117.141] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.92.117.141/; sid:900869007; rev:1;) alert tcp $HOME_NET any -> [189.190.169.221] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.190.169.221/; sid:900868998; rev:1;) alert tcp $HOME_NET any -> [68.191.37.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/68.191.37.107/; sid:900868981; rev:1;) alert tcp $HOME_NET any -> [62.75.143.100] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.75.143.100/; sid:900868974; rev:1;) alert tcp $HOME_NET any -> [104.2.2.153] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.2.2.153/; sid:900868965; rev:1;) alert tcp $HOME_NET any -> [179.14.2.75] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.14.2.75/; sid:900937229; rev:1;) alert tcp $HOME_NET any -> [189.154.84.161] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.154.84.161/; sid:900868958; rev:1;) alert tcp $HOME_NET any -> [187.198.57.250] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.198.57.250/; sid:900621103; rev:1;) alert tcp $HOME_NET any -> [187.214.110.33] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.214.110.33/; sid:900621104; rev:1;) alert tcp $HOME_NET any -> [103.12.132.98] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.12.132.98/; sid:900621126; rev:1;) alert tcp $HOME_NET any -> [190.219.231.69] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.219.231.69/; sid:900868934; rev:1;) alert tcp $HOME_NET any -> [201.249.117.123] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.249.117.123/; sid:900868933; rev:1;) alert tcp $HOME_NET any -> [181.31.182.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.31.182.138/; sid:900868932; rev:1;) alert tcp $HOME_NET any -> [208.180.217.173] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/208.180.217.173/; sid:900868931; rev:1;) alert tcp $HOME_NET any -> [197.88.12.80] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.88.12.80/; sid:900621108; rev:1;) alert tcp $HOME_NET any -> [190.16.121.202] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.16.121.202/; sid:900621124; rev:1;) alert tcp $HOME_NET any -> [187.135.43.126] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.135.43.126/; sid:900621102; rev:1;) alert tcp $HOME_NET any -> [71.78.158.190] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.78.158.190/; sid:900621111; rev:1;) alert tcp $HOME_NET any -> [91.235.129.212] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.235.129.212/; sid:900621681; rev:1;) alert tcp $HOME_NET any -> [217.165.84.16] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.84.16/; sid:900621109; rev:1;) alert tcp $HOME_NET any -> [27.130.153.101] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/27.130.153.101/; sid:900621106; rev:1;) alert tcp $HOME_NET any -> [115.74.214.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.74.214.134/; sid:900621129; rev:1;) alert tcp $HOME_NET any -> [189.159.103.149] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.103.149/; sid:900621438; rev:1;) alert tcp $HOME_NET any -> [83.110.216.26] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.216.26/; sid:900621098; rev:1;) alert tcp $HOME_NET any -> [200.126.225.56] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.126.225.56/; sid:900621096; rev:1;) alert tcp $HOME_NET any -> [192.186.96.125] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/192.186.96.125/; sid:900621127; rev:1;) alert tcp $HOME_NET any -> [80.82.62.9] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.82.62.9/; sid:900621185; rev:1;) alert tcp $HOME_NET any -> [190.117.82.103] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.82.103/; sid:900621110; rev:1;) alert tcp $HOME_NET any -> [201.165.102.49] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.165.102.49/; sid:900621105; rev:1;) alert tcp $HOME_NET any -> [187.189.210.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.210.143/; sid:900621135; rev:1;) alert tcp $HOME_NET any -> [89.188.124.145] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.188.124.145/; sid:900621114; rev:1;) alert tcp $HOME_NET any -> [190.0.32.206] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.0.32.206/; sid:900621095; rev:1;) alert tcp $HOME_NET any -> [181.170.93.38] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.93.38/; sid:900621100; rev:1;) alert tcp $HOME_NET any -> [197.248.67.226] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/197.248.67.226/; sid:900621123; rev:1;) alert tcp $HOME_NET any -> [110.169.107.239] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.169.107.239/; sid:900621113; rev:1;) alert tcp $HOME_NET any -> [186.139.160.193] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.139.160.193/; sid:900621101; rev:1;) alert tcp $HOME_NET any -> [67.241.81.253] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.241.81.253/; sid:900621097; rev:1;) alert tcp $HOME_NET any -> [190.96.118.53] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.96.118.53/; sid:900621115; rev:1;) alert tcp $HOME_NET any -> [82.0.19.40] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.0.19.40/; sid:900621203; rev:1;) alert tcp $HOME_NET any -> [173.3.29.123] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.3.29.123/; sid:900864677; rev:1;) alert tcp $HOME_NET any -> [189.148.145.183] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.148.145.183/; sid:900621112; rev:1;) alert tcp $HOME_NET any -> [106.51.237.174] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/106.51.237.174/; sid:900861979; rev:1;) alert tcp $HOME_NET any -> [190.128.26.2] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.128.26.2/; sid:900861970; rev:1;) alert tcp $HOME_NET any -> [41.227.243.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.227.243.107/; sid:900861956; rev:1;) alert tcp $HOME_NET any -> [190.161.186.116] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.161.186.116/; sid:900621099; rev:1;) alert tcp $HOME_NET any -> [190.18.153.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.153.249/; sid:900621088; rev:1;) alert tcp $HOME_NET any -> [189.150.218.69] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.150.218.69/; sid:900621091; rev:1;) alert tcp $HOME_NET any -> [95.42.189.34] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.42.189.34/; sid:900621090; rev:1;) alert tcp $HOME_NET any -> [125.99.106.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/125.99.106.225/; sid:900621089; rev:1;) alert tcp $HOME_NET any -> [185.142.99.46] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.142.99.46/; sid:900621491; rev:1;) alert tcp $HOME_NET any -> [92.154.101.154] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/92.154.101.154/; sid:900621074; rev:1;) alert tcp $HOME_NET any -> [114.79.191.12] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/114.79.191.12/; sid:900621071; rev:1;) alert tcp $HOME_NET any -> [184.95.192.237] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.95.192.237/; sid:900852338; rev:1;) alert tcp $HOME_NET any -> [184.160.113.4] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/184.160.113.4/; sid:900621072; rev:1;) alert tcp $HOME_NET any -> [136.49.87.106] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/136.49.87.106/; sid:900621081; rev:1;) alert tcp $HOME_NET any -> [176.58.93.123] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/176.58.93.123/; sid:900621076; rev:1;) alert tcp $HOME_NET any -> [181.44.231.127] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.44.231.127/; sid:900621083; rev:1;) alert tcp $HOME_NET any -> [43.229.62.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/43.229.62.186/; sid:900621078; rev:1;) alert tcp $HOME_NET any -> [154.120.228.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/154.120.228.126/; sid:900621075; rev:1;) alert tcp $HOME_NET any -> [181.118.101.22] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.118.101.22/; sid:900621077; rev:1;) alert tcp $HOME_NET any -> [190.104.229.114] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.104.229.114/; sid:900621073; rev:1;) alert tcp $HOME_NET any -> [24.63.218.229] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.63.218.229/; sid:900621079; rev:1;) alert tcp $HOME_NET any -> [66.115.90.48] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.115.90.48/; sid:900621080; rev:1;) alert tcp $HOME_NET any -> [183.82.1.142] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/183.82.1.142/; sid:900621087; rev:1;) alert tcp $HOME_NET any -> [73.217.113.111] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.217.113.111/; sid:900621084; rev:1;) alert tcp $HOME_NET any -> [37.209.252.121] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.209.252.121/; sid:900621085; rev:1;) alert tcp $HOME_NET any -> [190.18.219.56] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.18.219.56/; sid:900621086; rev:1;) alert tcp $HOME_NET any -> [81.134.59.36] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.134.59.36/; sid:900850146; rev:1;) alert tcp $HOME_NET any -> [182.176.184.81] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.176.184.81/; sid:900621062; rev:1;) alert tcp $HOME_NET any -> [211.63.71.72] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/211.63.71.72/; sid:900849376; rev:1;) alert tcp $HOME_NET any -> [185.191.177.79] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.191.177.79/; sid:900621057; rev:1;) alert tcp $HOME_NET any -> [83.110.80.67] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/83.110.80.67/; sid:900621059; rev:1;) alert tcp $HOME_NET any -> [212.31.106.90] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.31.106.90/; sid:900621063; rev:1;) alert tcp $HOME_NET any -> [91.92.191.134] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.92.191.134/; sid:900621060; rev:1;) alert tcp $HOME_NET any -> [95.128.43.213] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.128.43.213/; sid:900849366; rev:1;) alert tcp $HOME_NET any -> [81.22.137.186] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/81.22.137.186/; sid:900849365; rev:1;) alert tcp $HOME_NET any -> [201.146.85.239] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.146.85.239/; sid:900621058; rev:1;) alert tcp $HOME_NET any -> [203.210.237.200] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/203.210.237.200/; sid:900621065; rev:1;) alert tcp $HOME_NET any -> [174.93.130.148] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.93.130.148/; sid:900621055; rev:1;) alert tcp $HOME_NET any -> [175.100.138.82] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.100.138.82/; sid:900849350; rev:1;) alert tcp $HOME_NET any -> [2.50.4.159] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/2.50.4.159/; sid:900849349; rev:1;) alert tcp $HOME_NET any -> [94.250.55.138] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.250.55.138/; sid:900849348; rev:1;) alert tcp $HOME_NET any -> [171.101.196.138] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/171.101.196.138/; sid:900849347; rev:1;) alert tcp $HOME_NET any -> [189.155.72.127] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.72.127/; sid:900848607; rev:1;) alert tcp $HOME_NET any -> [86.42.246.197] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.246.197/; sid:900848599; rev:1;) alert tcp $HOME_NET any -> [181.39.51.243] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.39.51.243/; sid:900848597; rev:1;) alert tcp $HOME_NET any -> [82.226.163.9] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.226.163.9/; sid:900621051; rev:1;) alert tcp $HOME_NET any -> [99.243.127.236] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/99.243.127.236/; sid:900621052; rev:1;) alert tcp $HOME_NET any -> [74.36.4.206] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/74.36.4.206/; sid:900621050; rev:1;) alert tcp $HOME_NET any -> [216.221.73.45] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/216.221.73.45/; sid:900621049; rev:1;) alert tcp $HOME_NET any -> [200.114.142.40] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.114.142.40/; sid:900621048; rev:1;) alert tcp $HOME_NET any -> [181.15.177.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.15.177.100/; sid:900848325; rev:1;) alert tcp $HOME_NET any -> [181.129.83.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.129.83.122/; sid:900621046; rev:1;) alert tcp $HOME_NET any -> [181.170.252.83] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.170.252.83/; sid:900621047; rev:1;) alert tcp $HOME_NET any -> [162.243.125.212] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.243.125.212/; sid:900621070; rev:1;) alert tcp $HOME_NET any -> [104.236.135.119] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/104.236.135.119/; sid:900621068; rev:1;) alert tcp $HOME_NET any -> [59.91.24.244] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/59.91.24.244/; sid:900621042; rev:1;) alert tcp $HOME_NET any -> [187.207.136.230] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.136.230/; sid:900621040; rev:1;) alert tcp $HOME_NET any -> [95.65.206.248] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/95.65.206.248/; sid:900621044; rev:1;) alert tcp $HOME_NET any -> [103.11.82.67] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.11.82.67/; sid:900846695; rev:1;) alert tcp $HOME_NET any -> [217.165.126.204] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/217.165.126.204/; sid:900621041; rev:1;) alert tcp $HOME_NET any -> [66.50.29.185] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.50.29.185/; sid:900621043; rev:1;) alert tcp $HOME_NET any -> [187.192.60.158] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.192.60.158/; sid:900621035; rev:1;) alert tcp $HOME_NET any -> [189.236.193.173] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.236.193.173/; sid:900621036; rev:1;) alert tcp $HOME_NET any -> [86.42.253.213] 993 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.42.253.213/; sid:900841513; rev:1;) alert tcp $HOME_NET any -> [189.155.152.129] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.155.152.129/; sid:900841511; rev:1;) alert tcp $HOME_NET any -> [188.48.145.96] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/188.48.145.96/; sid:900621034; rev:1;) alert tcp $HOME_NET any -> [186.71.61.94] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.71.61.94/; sid:900841508; rev:1;) alert tcp $HOME_NET any -> [187.136.144.197] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.136.144.197/; sid:900621033; rev:1;) alert tcp $HOME_NET any -> [189.250.182.236] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.182.236/; sid:900621037; rev:1;) alert tcp $HOME_NET any -> [190.48.129.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.48.129.88/; sid:900621038; rev:1;) alert tcp $HOME_NET any -> [186.183.141.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.183.141.17/; sid:900838758; rev:1;) alert tcp $HOME_NET any -> [200.123.135.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.123.135.17/; sid:900838757; rev:1;) alert tcp $HOME_NET any -> [190.112.197.130] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.112.197.130/; sid:900833960; rev:1;) alert tcp $HOME_NET any -> [186.19.36.126] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.19.36.126/; sid:900833958; rev:1;) alert tcp $HOME_NET any -> [174.64.239.8] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.64.239.8/; sid:900833764; rev:1;) alert tcp $HOME_NET any -> [186.5.100.92] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.5.100.92/; sid:900833733; rev:1;) alert tcp $HOME_NET any -> [63.77.201.245] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/63.77.201.245/; sid:900833663; rev:1;) alert tcp $HOME_NET any -> [181.23.229.192] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.23.229.192/; sid:900833640; rev:1;) alert tcp $HOME_NET any -> [37.210.168.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.210.168.251/; sid:900833639; rev:1;) alert tcp $HOME_NET any -> [189.230.171.255] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.230.171.255/; sid:900833637; rev:1;) alert tcp $HOME_NET any -> [201.97.58.156] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.97.58.156/; sid:900833636; rev:1;) alert tcp $HOME_NET any -> [190.121.143.147] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.121.143.147/; sid:900621012; rev:1;) alert tcp $HOME_NET any -> [204.138.46.166] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/204.138.46.166/; sid:900621016; rev:1;) alert tcp $HOME_NET any -> [174.109.4.153] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.109.4.153/; sid:900621007; rev:1;) alert tcp $HOME_NET any -> [200.125.190.126] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.190.126/; sid:900621015; rev:1;) alert tcp $HOME_NET any -> [82.73.220.225] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.73.220.225/; sid:900621021; rev:1;) alert tcp $HOME_NET any -> [115.75.36.220] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/115.75.36.220/; sid:900621006; rev:1;) alert tcp $HOME_NET any -> [189.159.143.134] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.159.143.134/; sid:900621010; rev:1;) alert tcp $HOME_NET any -> [189.252.15.206] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.252.15.206/; sid:900621027; rev:1;) alert tcp $HOME_NET any -> [179.12.193.156] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/179.12.193.156/; sid:900621008; rev:1;) alert tcp $HOME_NET any -> [189.189.175.174] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.189.175.174/; sid:900621028; rev:1;) alert tcp $HOME_NET any -> [86.205.224.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.205.224.234/; sid:900621022; rev:1;) alert tcp $HOME_NET any -> [47.180.177.96] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.180.177.96/; sid:900833554; rev:1;) alert tcp $HOME_NET any -> [190.51.51.93] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.51.51.93/; sid:900833551; rev:1;) alert tcp $HOME_NET any -> [73.183.131.231] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/73.183.131.231/; sid:900833549; rev:1;) alert tcp $HOME_NET any -> [201.212.91.189] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.91.189/; sid:900833546; rev:1;) alert tcp $HOME_NET any -> [173.177.157.7] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.177.157.7/; sid:900833537; rev:1;) alert tcp $HOME_NET any -> [71.88.106.124] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.88.106.124/; sid:900833509; rev:1;) alert tcp $HOME_NET any -> [200.21.51.30] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.21.51.30/; sid:900621979; rev:1;) alert tcp $HOME_NET any -> [31.167.109.122] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/31.167.109.122/; sid:900621017; rev:1;) alert tcp $HOME_NET any -> [37.44.212.195] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.195/; sid:900621593; rev:1;) alert tcp $HOME_NET any -> [47.202.17.6] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/47.202.17.6/; sid:900621018; rev:1;) alert tcp $HOME_NET any -> [71.43.73.58] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.43.73.58/; sid:900621026; rev:1;) alert tcp $HOME_NET any -> [162.104.1.255] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/162.104.1.255/; sid:900621032; rev:1;) alert tcp $HOME_NET any -> [86.98.222.202] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.98.222.202/; sid:900621023; rev:1;) alert tcp $HOME_NET any -> [200.116.26.234] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.116.26.234/; sid:900621014; rev:1;) alert tcp $HOME_NET any -> [24.137.254.148] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.137.254.148/; sid:900621039; rev:1;) alert tcp $HOME_NET any -> [173.247.238.184] 443 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/173.247.238.184/; sid:900621351; rev:1;) alert tcp $HOME_NET any -> [201.212.49.246] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.212.49.246/; sid:900621025; rev:1;) alert tcp $HOME_NET any -> [190.185.241.151] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.185.241.151/; sid:900621013; rev:1;) alert tcp $HOME_NET any -> [186.64.175.137] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.64.175.137/; sid:900621009; rev:1;) alert tcp $HOME_NET any -> [189.250.145.98] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.250.145.98/; sid:900621011; rev:1;) alert tcp $HOME_NET any -> [72.161.250.4] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/72.161.250.4/; sid:900621019; rev:1;) alert tcp $HOME_NET any -> [200.125.222.34] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.125.222.34/; sid:900621029; rev:1;) alert tcp $HOME_NET any -> [109.194.50.231] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.194.50.231/; sid:900621093; rev:1;) alert tcp $HOME_NET any -> [201.236.95.82] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.236.95.82/; sid:900621024; rev:1;) alert tcp $HOME_NET any -> [190.211.207.11] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.211.207.11/; sid:900621031; rev:1;) alert tcp $HOME_NET any -> [207.255.210.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.255.210.196/; sid:900621094; rev:1;) alert tcp $HOME_NET any -> [105.185.141.205] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.185.141.205/; sid:900621045; rev:1;) alert tcp $HOME_NET any -> [58.9.168.7] 990 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.9.168.7/; sid:900621216; rev:1;) alert tcp $HOME_NET any -> [212.122.71.196] 995 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/212.122.71.196/; sid:900621030; rev:1;) alert tcp $HOME_NET any -> [181.57.193.10] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.57.193.10/; sid:900620998; rev:1;) alert tcp $HOME_NET any -> [70.57.82.196] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.82.196/; sid:900621001; rev:1;) alert tcp $HOME_NET any -> [80.115.91.222] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/80.115.91.222/; sid:900621002; rev:1;) alert tcp $HOME_NET any -> [50.80.248.108] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.80.248.108/; sid:900621000; rev:1;) alert tcp $HOME_NET any -> [190.146.214.85] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.214.85/; sid:900620994; rev:1;) alert tcp $HOME_NET any -> [190.15.198.47] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.15.198.47/; sid:900620996; rev:1;) alert tcp $HOME_NET any -> [186.3.188.74] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.3.188.74/; sid:900620991; rev:1;) alert tcp $HOME_NET any -> [190.117.206.153] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.117.206.153/; sid:900620993; rev:1;) alert tcp $HOME_NET any -> [190.146.86.180] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.146.86.180/; sid:900620995; rev:1;) alert tcp $HOME_NET any -> [187.207.188.248] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.207.188.248/; sid:900620992; rev:1;) alert tcp $HOME_NET any -> [82.78.228.57] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/82.78.228.57/; sid:900620997; rev:1;) alert tcp $HOME_NET any -> [76.168.149.66] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/76.168.149.66/; sid:900828698; rev:1;) alert tcp $HOME_NET any -> [71.182.128.166] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.182.128.166/; sid:900828697; rev:1;) alert tcp $HOME_NET any -> [201.239.154.191] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.239.154.191/; sid:900828696; rev:1;) alert tcp $HOME_NET any -> [64.9.43.60] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.9.43.60/; sid:900828695; rev:1;) alert tcp $HOME_NET any -> [64.46.91.165] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.46.91.165/; sid:900828694; rev:1;) alert tcp $HOME_NET any -> [67.248.56.82] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.248.56.82/; sid:900828693; rev:1;) alert tcp $HOME_NET any -> [189.209.217.49] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.209.217.49/; sid:900620979; rev:1;) alert tcp $HOME_NET any -> [160.3.238.131] 50000 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/160.3.238.131/; sid:900620987; rev:1;) alert tcp $HOME_NET any -> [190.97.219.241] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.97.219.241/; sid:900620980; rev:1;) alert tcp $HOME_NET any -> [91.205.215.57] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/91.205.215.57/; sid:900828452; rev:1;) alert tcp $HOME_NET any -> [109.73.52.242] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/109.73.52.242/; sid:900828449; rev:1;) alert tcp $HOME_NET any -> [139.59.19.157] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/139.59.19.157/; sid:900620975; rev:1;) alert tcp $HOME_NET any -> [181.228.211.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.228.211.100/; sid:900620978; rev:1;) alert tcp $HOME_NET any -> [207.134.207.44] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/207.134.207.44/; sid:900828436; rev:1;) alert tcp $HOME_NET any -> [181.40.122.122] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.40.122.122/; sid:900828435; rev:1;) alert tcp $HOME_NET any -> [152.171.65.137] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/152.171.65.137/; sid:900620976; rev:1;) alert tcp $HOME_NET any -> [181.198.203.150] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.198.203.150/; sid:900620977; rev:1;) alert tcp $HOME_NET any -> [45.33.49.124] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.33.49.124/; sid:900828256; rev:1;) alert tcp $HOME_NET any -> [200.113.185.229] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.113.185.229/; sid:900828255; rev:1;) alert tcp $HOME_NET any -> [90.219.97.38] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/90.219.97.38/; sid:900828244; rev:1;) alert tcp $HOME_NET any -> [185.94.252.3] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/185.94.252.3/; sid:900620973; rev:1;) alert tcp $HOME_NET any -> [108.188.116.179] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/108.188.116.179/; sid:900620972; rev:1;) alert tcp $HOME_NET any -> [24.243.101.134] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.243.101.134/; sid:900620974; rev:1;) alert tcp $HOME_NET any -> [200.50.185.54] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.50.185.54/; sid:900620990; rev:1;) alert tcp $HOME_NET any -> [187.233.152.78] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.233.152.78/; sid:900620999; rev:1;) alert tcp $HOME_NET any -> [41.220.119.246] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/41.220.119.246/; sid:900621003; rev:1;) alert tcp $HOME_NET any -> [62.217.133.100] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.217.133.100/; sid:900620989; rev:1;) alert tcp $HOME_NET any -> [70.184.97.144] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.184.97.144/; sid:900620966; rev:1;) alert tcp $HOME_NET any -> [190.210.3.93] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.210.3.93/; sid:900620965; rev:1;) alert tcp $HOME_NET any -> [71.11.157.249] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/71.11.157.249/; sid:900620967; rev:1;) alert tcp $HOME_NET any -> [50.246.45.249] 7080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/50.246.45.249/; sid:900620964; rev:1;) alert tcp $HOME_NET any -> [181.197.2.252] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.197.2.252/; sid:900620963; rev:1;) alert tcp $HOME_NET any -> [64.87.26.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.87.26.17/; sid:900825544; rev:1;) alert tcp $HOME_NET any -> [94.183.129.173] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/94.183.129.173/; sid:900825541; rev:1;) alert tcp $HOME_NET any -> [182.180.92.102] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/182.180.92.102/; sid:900825540; rev:1;) alert tcp $HOME_NET any -> [67.209.208.130] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/67.209.208.130/; sid:900825539; rev:1;) alert tcp $HOME_NET any -> [187.189.195.208] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.189.195.208/; sid:900825538; rev:1;) alert tcp $HOME_NET any -> [103.39.131.88] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.39.131.88/; sid:900620957; rev:1;) alert tcp $HOME_NET any -> [86.239.117.57] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/86.239.117.57/; sid:900825537; rev:1;) alert tcp $HOME_NET any -> [45.36.20.17] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/45.36.20.17/; sid:900620958; rev:1;) alert tcp $HOME_NET any -> [187.188.83.52] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.188.83.52/; sid:900620948; rev:1;) alert tcp $HOME_NET any -> [58.171.215.214] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/58.171.215.214/; sid:900620954; rev:1;) alert tcp $HOME_NET any -> [70.15.236.247] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.15.236.247/; sid:900620955; rev:1;) alert tcp $HOME_NET any -> [186.179.80.99] 465 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.179.80.99/; sid:900620947; rev:1;) alert tcp $HOME_NET any -> [69.2.162.139] 53 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/69.2.162.139/; sid:900620952; rev:1;) alert tcp $HOME_NET any -> [174.56.47.59] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/174.56.47.59/; sid:900620946; rev:1;) alert tcp $HOME_NET any -> [213.107.110.253] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/213.107.110.253/; sid:900620943; rev:1;) alert tcp $HOME_NET any -> [105.224.170.35] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/105.224.170.35/; sid:900620953; rev:1;) alert tcp $HOME_NET any -> [190.85.38.226] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.85.38.226/; sid:900620941; rev:1;) alert tcp $HOME_NET any -> [186.15.83.52] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.15.83.52/; sid:900620944; rev:1;) alert tcp $HOME_NET any -> [190.92.48.253] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.92.48.253/; sid:900620942; rev:1;) alert tcp $HOME_NET any -> [201.253.238.50] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.253.238.50/; sid:900620956; rev:1;) alert tcp $HOME_NET any -> [190.193.141.52] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.193.141.52/; sid:900620945; rev:1;) alert tcp $HOME_NET any -> [201.192.156.113] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/201.192.156.113/; sid:900620949; rev:1;) alert tcp $HOME_NET any -> [70.28.22.105] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.28.22.105/; sid:900620937; rev:1;) alert tcp $HOME_NET any -> [89.211.193.18] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/89.211.193.18/; sid:900620939; rev:1;) alert tcp $HOME_NET any -> [181.61.221.146] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/181.61.221.146/; sid:900620936; rev:1;) alert tcp $HOME_NET any -> [70.57.24.230] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/70.57.24.230/; sid:900620938; rev:1;) alert tcp $HOME_NET any -> [178.78.64.80] 8443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/178.78.64.80/; sid:900620935; rev:1;) alert tcp $HOME_NET any -> [87.106.139.101] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/87.106.139.101/; sid:900813379; rev:1;) alert tcp $HOME_NET any -> [186.43.57.143] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.43.57.143/; sid:900813363; rev:1;) alert tcp $HOME_NET any -> [187.176.44.226] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.176.44.226/; sid:900620932; rev:1;) alert tcp $HOME_NET any -> [62.151.17.5] 8090 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/62.151.17.5/; sid:900620930; rev:1;) alert tcp $HOME_NET any -> [85.104.59.244] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/85.104.59.244/; sid:900620934; rev:1;) alert tcp $HOME_NET any -> [175.107.228.236] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/175.107.228.236/; sid:900620931; rev:1;) alert tcp $HOME_NET any -> [206.53.93.6] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/206.53.93.6/; sid:900620933; rev:1;) alert tcp $HOME_NET any -> [64.13.225.150] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/64.13.225.150/; sid:900621067; rev:1;) alert tcp $HOME_NET any -> [37.44.212.94] 447 (msg:"Feodo Tracker: potential TrickBot CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/37.44.212.94/; sid:900621820; rev:1;) alert tcp $HOME_NET any -> [189.151.39.229] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.151.39.229/; sid:900620922; rev:1;) alert tcp $HOME_NET any -> [200.51.94.251] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/200.51.94.251/; sid:901127223; rev:1;) alert tcp $HOME_NET any -> [186.177.30.6] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/186.177.30.6/; sid:900620921; rev:1;) alert tcp $HOME_NET any -> [24.234.249.226] 22 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/24.234.249.226/; sid:900620925; rev:1;) alert tcp $HOME_NET any -> [103.209.65.42] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/103.209.65.42/; sid:900810228; rev:1;) alert tcp $HOME_NET any -> [110.172.188.120] 443 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/110.172.188.120/; sid:900810226; rev:1;) alert tcp $HOME_NET any -> [66.84.11.168] 8080 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/66.84.11.168/; sid:900621289; rev:1;) alert tcp $HOME_NET any -> [190.108.216.107] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/190.108.216.107/; sid:900620928; rev:1;) alert tcp $HOME_NET any -> [75.104.218.201] 143 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/75.104.218.201/; sid:900620909; rev:1;) alert tcp $HOME_NET any -> [189.156.39.161] 20 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/189.156.39.161/; sid:900806072; rev:1;) alert tcp $HOME_NET any -> [187.209.46.240] 21 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: type limit, track by_src, seconds 60, count 1; classtype:trojan-activity; reference:url, feodotracker.abuse.ch/browse/host/187.209.46.240/; sid:900620917; rev:1;) alert tcp $HOME_NET any -> [71.224.174.17] 80 (msg:"Feodo Tracker: potential Heodo CnC Traffic detected"; threshold: ty